Compliance with General Data Protection Regulation (GDPR) rules remains low across the globe, according to the latest research from Dimensional Research. Reports from the Business Information Industry Association (BIIA) on Tuesday (Aug. 21) said Dimensional Research’s latest findings suggest most companies are still not fully GDPR-compliant, with only 20 percent reporting they are fully adhering to the new data security rules.
When researchers isolated the findings to businesses in the European Union (EU), they found only marginal improvement, with 27 EU companies reporting GDPR compliance. Twenty-one percent of U.K. and U.S. firms are compliant with the rules, analysts found.
According to the BIIA, despite the low figures, the findings are not necessarily surprising, considering “most Country Regulators are not ready” for GDPR, either. More than 90 percent of businesses surveyed by Dimensional Research said they plan to be fully GDPR-compliant by the end of 2019. Researchers did find reason for optimism, though, with the number of companies reporting progress in their GDPR implementation efforts jumping significantly from 38 percent to 66 percent in the U.S., and from 37 percent to 73 percent in the U.K., compared to this time last year.
However, the cost of GDPR compliance is significant. The report found 27 percent of companies have spent more than $500,000 to become GDPR-compliant, while an additional third said they plan to spend more than $500,000 in their GDPR compliance efforts before the year is over. Nearly one-fifth of U.K. companies said they have spent at least $1 million on compliance initiatives.
As companies make slow-but-steady progress in their GDPR efforts, analysts warn that companies with global supply chains are particularly challenged by compliance requirements. Rising reliance on digital platforms to connect with business partners has companies developing data pools, which spread along the supply chain between suppliers, logistics providers and other third-party partners.
The challenge, experts said, is not only to safeguard a company’s own systems, but to ensure all of its business partners’ systems are compliant with GDPR requirements, too.