Contrary to many mainstream media reports that indicate a lack of GDPR awareness, more than 90% of organizations have begun preparing for GDPR compliance.

A new benchmarking study by IAPP & TRUSTe is available: Preparing for EU GDPR: DPOs, PIAs, and Data Mapping.

EU GDPR Study Key Takeaways

    • Over 90% of survey respondents have at least begun preparations for GDPR compliance.
    • EU companies are further along the compliance path, with 67% reporting their implementation is underway or completed vs. 42% for the US.
    • 43% of companies report they already conduct data inventory and mapping projects, and another 30% plan to do so in the next 12 months.  
    • 71% of organizations are currently conducting Data Privacy Impact Assessments.  

Broad Reaching Effects Due to the GDPR

Over 73% of respondents have customers or employees in the EU, and 68% stated that their organization must meet GDPR requirements. Demonstrating how the GDPR has a broad reach and encompasses companies of all sizes and locations.

Most companies, over 90%, have begun to prepare which demonstrates that privacy professionals are taking these new requirements seriously. 

Roughly 80% of survey respondents interpreted the GDPR as requiring their organization to appoint a DPO (additional guidance on this requirement is expected to arrive in December).

Although conducting privacy assessments is also a requirement under GDPR, many organizations already conduct them as part of their privacy program.

The importance of conducting these assessments is illustrated by the fact that 78% of organizations that report the GDPR doesn’t apply to them will still conduct privacy assessments.

To complete these assessments, companies are using a mixture of technology plus manual processes.

Fewer organizations engage in routine data inventory and mapping for privacy management purposes.

Preparing for EU GDPR Study Background

The study included a broad cross section of organizations in the US, EU, Canada, and other jurisdictions such as Asia and the Middle East.

Companies of all sizes are represented, ranging from below 1,000 employees to more than 25,000 employees. Industries ranged from software and services to government offices and health care.

Download the full Study

Companies gave feedback on overall preparations for the GDPR, along with actions taken on key components including assigning a Data Protection Officer, understanding where and how personal data is used within their organization, and conducting Data Privacy Impact Assessments.    

Practical Steps to Manage the EU General Data Protection Regulation

Organizations of all sizes and geographic locations are preparing to meet GDPR requirements.

Chances are your organization also has to meet these requirements, so preparations should have started already.

TrustArc essential guide to GDPR compliance


Get your 5 phase GDPR compliance roadmap.