GDPR deadlines are here

May 23, 2018
Majority of U.S. businesses polled report that their organizations do not feel prepared to comply with the GDPR regulations

Duluth GA, May 17, 2018 – The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU).  These regulations, become enforceable on May 25, 2018.

In preparation for the GDPR enforcement deadline, CompliancePoint, an information security and risk management consultancy, released a GDPR Readiness Survey to more accurately understand if businesses are prepared for the regulations, and how U.S. businesses anticipate they might be affected. Of those polled, 26 percent of respondents noted that they are unaware of the GDPR, while 44 percent said they were somewhat aware, and only 29 percent were fully aware.  The survey also showed that only 24 percent of businesses said that they feel fully prepared for the regulation as the May 25th deadline approaches. Another 36 percent of businesses reported that their organizations are not prepared, while 31 percent stated they were somewhat prepared, and 9 percent said they were unsure. 

CompliancePoint also asked respondents which issues were preventing their organization from becoming GDPR compliant.  The majority of businesses were waiting to see what enforcement comes from the regulation (45.6%) and lack of regulatory understanding (39.7%), followed by lack of budget (36.8%) low brand visibility (33.8%) and the unconcerned (27.9%). 

Of those with knowledge on GPDR, respondents were asked which of the Data Subject Rights requirements they anticipate being most challenging for their organization to comply with.  The majority sited Records of Processing as the most challenging (48.5%) followed by Accountability (41.2%) Consent (39.7%) Data Portability (39.7%) and Right to Erasure (35.3%).

CompliancePoint suggests that GDPR poses direct risks to U.S. business.  This position is supported by outside data collected from the U.S. Small Business Administration, which estimates that 98% of U.S. businesses export goods internationally, meaning, these businesses will be required to be GDPR compliant.  Companies that fail to meet the regulatory requirements by the May 25 deadline face fines of up to +$20 Million Euros per infraction, or 4 percent of global revenue, whichever is greater. 

“Many smaller organizations may not be considering their GDPR risk exposure as seriously as they should be,” says Greg Sparrow, senior vice president-general manager at CompliancePoint. “The survey data is concerning considering the number of U.S. businesses operating internationally, as well as the high number of businesses that lack knowledge and regulatory understanding in the case of GDPR.” 

About CompliancePoint:

CompliancePoint is a leading provider of information security & risk management services focused on privacy, data security, compliance and vendor risk management. Our mission is to help our clients interact responsibly with their customers and the marketplace. We do this by providing a full suite of services across the entire lifecycle of risk management using our FIND, FIX & MANAGE approach. CompliancePoint can help organizations prepare for GDPR with project initiation & buy-in, strategic consulting, data inventory & mapping, readiness assessments, PIMS & ISMS framework design & implementation and ongoing program management & monitoring. Our history of dealing with both privacy and data security, inside knowledge of regulatory actions and combination of services and technology solutions makes CompliancePoint uniquely qualified to assist our clients with GDPR.

For more information, visit