Though Companies Lag in Compliance, Brexit Not (Totally) Derailing UK GDPR Plans

When it comes to how prepared UK businesses are to comply with the EU’s General Data Protection Regulation (GDPR) May 2018 deadline, they’re roughly in line with their US counterparts—meaning that companies on both sides of the pond are lagging in their efforts. And for the UK, Brexit’s effect is not as widespread as feared.

With only eight months to comply with the GDPR, the most sweeping change to data protection in decades, companies all over the world are determining how to best adjust their internal systems and processes in order to address compliance requirements.

TrustArc, together with Dimensional Research, surveyed 203 UK and 204 US IT professionals at companies with more than 500 employees, and found that while privacy and data protection are becoming increasingly important foci for IT departments (96% US; 94% UK), GDPR compliance efforts are lacking across the board.

Among both UK and US privacy professionals, more than 60% of respondents have not begun their GDPR implementation, and 90% said they need to invest in additional capabilities to comply with the new standard. Just over half are investing in technology and tools to automate and operationalize data privacy (55% US; 57% UK).

Interestingly, more US than UK companies expect to invest significant amounts of money to comply with GDPR: About 83% of US companies expect GDPR spending to be at least $100,000, whereas only 69% of UK companies expect to spend the same amount (74,000 GBP). Further, almost a quarter (23%) of large US companies (over 5,000 employees) expect to spend more than $1 million (740,000 GBP) as compared to 19% of large UK companies.

Also, despite fears to the contrary, for UK companies, Brexit is not derailing their GDPR efforts, at least not entirely. Three-quarters of respondents in the UK (74%) said they are not reducing their GDPR budgets due to Brexit. However, a quarter (26%) of UK respondents said they are reducing their investment in GDPR remediation and another quarter (26%) indicated that they were putting their GDPR programs on hold until they could determine the impact of Brexit and the proposed UK Data Protection Bill on the GDPR. Only 32% of UK respondents indicated that Brexit has had no impact on their GDPR programs at all.

“The findings from both the US and UK surveys are in line with what we’re hearing from our clients about the increased complexity of privacy management and the critical role of technology investments for complying with GDPR and for establishing an accountability program that is easy to implement and manage,” said Chris Babel, CEO of TrustArc. “Regardless of their location, companies are under extreme pressure to efficiently comply with the growing number of regulations like GDPR, and as a trusted partner, we are committed to empowering privacy professionals with the resources they need.”

Source: Information Security Magazine