U.S. firms are more ready for the General Data Protection Regulation (GDPR) than their European counterparts, according to “Getting to GDPR Compliance: Risk Evaluation and Strategies for Mitigation,” a study by the IAPP and TrustArc.
Of the U.S. respondents to the poll of almost 500 security pros, 84% say they will be compliant by May 2, 2018.
But a fourth of EU companies will not be prepared, the study reports. That may be because EU companies are “either less concerned or more lacking in resources,” it continues.
Overall, 88% of those surveyed say they fall under the GDPR’s scope, and 12% do not. Those that are affected include 85% of the U.S. corporations and 98% of those in the EU.
U.S. companies say they are 49.27% of the way toward compliance, versus 47.31% for European organizations.
Of course, different studies document varying levels of preparedness.
Among all respondents, the five greatest compliance risks are seen as:
But the order is slightly different when looking only at the U.S. There, the top dangers are:
And in the EU, where firms are presumably more aware, the list is:
The study also found that 17% of the U.S. firms rely on lawyers to navigate GDPR for them, compared with 9% in the EU.
The EU firms are more likely to invest in training than hire outside counsel.
Not appointing a data protection officer (DPO) ranked near the bottom of the list of dangers. The study notes that “it’s likely this is something most organizations who must comply with the GDPR have already done, and have thus checked it off the list of concerns.”
Overall, the number one risk mitigation choice is clear: training, training and training. Respondents selected “investing in training” as the number one risk mitigation response for all but the DPO risk.
EU and UK companies made up 44.38%, and U.S. firms another 44.38%. The remainder were from Canada (4.22%), non-EU European countries (3.21%) and other (3.82%).