US companies not ready for GDPR

GDPR Preparations

                In preparing for GDPR, 22 percent of firms have developed a compliance plan. A similar percentage (21 percent) have conducted data audits and readiness assessments, including review of existing privacy policies, terms of services and consent protocols.

Despite the time and cost associated with GDPR compliance, most U.S. companies acknowledge receiving secondary benefits from the exercise. Nearly one in three companies see value in conducting an internal data audit; while 29 percent cite the benefits of reviewing and updating their data breach notification plan.

GDPR may have prompted some companies to examine their approach to data governance. Though relatively few companies (12 percent) have dedicated data governance officers or chief data officers that may change. One in four large companies surveyed indicate a strong likelihood to hire a data governance or chief data officer within the next two years.

Doing Business in the EU

The CompTIA survey also finds that U.S. companies are split on whether GDPR will impact their business opportunities in the EU. About one-third of the firms surveyed do not believe GDPR will have an impact on their current or future approach to business in the EU. Another third indicate GDPR may negatively impact their desire to engage in business activities in countries governed by GDPR. The remaining one-third of firms are unsure.

                The CompTIA research brief “The State of GDPR Preparedness in the U.S.” is based on the results of an April 2018 online survey of executives and professionals with some level of data responsibility for their organizations. A total of 400 individuals from small, medium and large companies across every industry sector of the U.S., economy participated in the survey.