Brands worldwide are trying to cope with the plethora of new privacy regulations — with varying results, according to Data Compliance Survey from Pathwire.
Of the firms polled, 62.4% are not “completely compliant” with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), Virginia’s Consumer Data Protection Act (CDPA) and/or other regulations such as CAN-SPAM.
Some are close. While only 37.6% are in totally there, 44% are mostly so, while 8.9% are somewhat in compliance, 2% not in compliance at all and 7.6% are not sure whether they are.
But it depends on the region. In North America, 50% of firms simply don’t know which laws apply to them versus only 12% in EMEA. Still, 21.7% in North America and 65.4% in EMEA fall under one or all of the above laws.
Drilling down, 70.1% are regulated by GDPR, 9.3% are regulated by the CCPA and 8.6% are regulated by the CDPA.
Moreover, 61.6% have handled data from the EU, with 21.9% from the UK, while 21.1% have handled data from California (21.1%), and 17.2% from Virginia.
Overall, 76.7% agree that the EU is more privacy-conscious than North America.
The degree of compliance depends on the region. Of the North American respondents, 38.4% are completely compliant, versus 39% of EMEA companies.
But 46.3% of EMEA firms are mostly there, compared to 38.4% of North American outfits. And while only 0.3% of EMEA respondents are not at all in compliance, the figure hits 5.4% in North America.
It costs money to be a law-abiding company — 44.7% overall have had to add to their marketing stack or change their existing technology to comply. That number falls to 35.4% in North America but hits 49.5% in EMEA.
The cost has been only $1,000 per year or less for 52.1%. But 16% have been paying $1,000 to $5,000 per year, while 5.7% have been paying from $5,001 to $10,000 and 5.8% have been paying over $10,000. Another 20.3% are not sure.
In North America, 13.3% are paying more than $10,000 a year for technology, compared to 4.4% in EMEA. Yet privacy tech is costing $1,000 a year or less for 53.3% of AMEA firms and 42.7% for North American.
These costs, however, are only a fraction of the fines that firms could face.
“Non-compliant organizations face high penalties from data privacy regulators, regardless of where they’re based,” states Maylis de Bazelaire, who is in charge of legal & privacy at Pathwire.
De Bazelaire adds: “Aside from the reputational and contractual implications of now following the appropriate data protection regulations non-compliance could result in important financial sanctions—up to 20 million euros, or 4% of the annual turnover for GDPR!”
Pathwire surveyed 1,000 professionals in this area, including 65.4% in EMEA and 21.7% in North America.