Are US firms better prepared for the GDPR than the Europeans?

The GDPR comes into force in May 2018, and companies all over the world are scrambling to get ready for the new data regulation.

As we have explained in our e-book on the subject, the GDPR will apply to all companies that control and/or process personal data belonging to European citizens. In that sense, a company that is located outside of the European Union will have to concern itself with the GDPR just as much as a company that is located in, say, Amsterdam.

And apparently, when it comes to preparing for the GDPR, US companies hold the lead over their European counterparts.

The International Association of Privacy Professionals (IAPP) and TrustArc, a technology compliance company, have conducted a thorough study in which 84% of American respondents say that they expect to be GDPR-compliant by May 25, 2018, compared with 72% of European respondents. That is the story from 

The researchers surveyed almost 500 privacy professionals, with equal numbers of respondents from the US and EU. The respondents were asked to rank perceived risk on a five-point scale.

European companies are struggling

Even though the GDPR applies to all companies that control and/or process personal data belonging to European citizens, it is somewhat surprising that more American companies than European companies expect to be GDPR-compliant.

European companies have heard about the GDPR for years now. Even though it is a very complicated piece of legislation, they should know what is waiting ahead of them. Interestingly, a previous study demonstrated that only one quarter of people in the US understand that the GDPR could potentially affect them. However, it would appear that the vast majority of American companies know what they are doing.

European companies are in a more difficult position. They absolutely have to make sure that they are GDPR-compliant in half a year's time. So there is good reason to feel worried about those European companies that still, in the middle of November, are in doubt about the ramifications of the GDPR.

The biggest risks

Interestingly, the study also asked its respondents to rank what they consider to be the greatest risks associated with the GDPR.

It turns out that the GDPR's 72-hour breach notification, data inventory and mapping, obtaining user consent and managing international data transfers are what keep IT managers up at night.

In their respective quests to achieve compliance, there is a difference between European and American companies. US companies believe that the complexity of the GDPR requirements is the largest obstacle, while EU companies struggle with a lack of appropriate budget.

You can read much more about the GDPR and how to prepare for it in our free e-book. Download it right here.