Majority of U.S. Businesses Do Not Feel Prepared to Comply with the GDPR Regulations

May 24, 2018


The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). These regulations, become enforceable on May 25, 2018.

In preparation for the GDPR enforcement deadline, CompliancePoint, an information security and risk management consultancy, released a GDPR Readiness Survey to more accurately understand if businesses are prepared for the regulations, and how U.S. businesses anticipate they might be affected. Of those polled, 26% of respondents noted that they are unaware of the GDPR, while 44% said they were somewhat aware, and only 29% were fully aware. The survey also showed that only 24% of businesses said that they feel fully prepared for the regulation as the deadline approaches. Another 36% of businesses reported that their organizations are not prepared, while 31% stated they were somewhat prepared, and 9% said they were unsure. 

CompliancePoint also asked respondents which issues were preventing their organization from becoming GDPR compliant.  The majority of businesses were waiting to see what enforcement comes from the regulation (45.6%) and lack of regulatory understanding (39.7%), followed by lack of budget (36.8%) low brand visibility (33.8%) and the unconcerned (27.9%). 

Of those with knowledge on GPDR, respondents were asked which of the Data Subject Rights requirements they anticipate being most challenging for their organization to comply with.  The majority sited Records of Processing as the most challenging (48.5%) followed by Accountability (41.2%) Consent (39.7%) Data Portability (39.7%) and Right to Erasure (35.3%).