Companies working hard on GDPR compliance, but health care and finance lag

When it comes to preparing for the new EU data privacy law, not all industries are created equal.


With 30 days to go, nearly half of companies in a recent survey reported they have completed more than 75 percent of the work to become compliant with the looming General Data Protection Regulation.

And a whopping 99 percent said they are seriously working on compliance with the European Union law, which takes effect May 25 and applies to any organization, wherever it is based, that processes the personal data of people in the EU.

Netsparker, a London-based company specializing in web application security, commissioned the survey of 302 CEOs and other C-suite executives at U.S. companies. Netsparker CEO Ferruh Mavituna was not available for comment.


The report, released earlier this month, said the health care and finance industries showed the “most resistance” to GDPR with the lowest levels of compliance work completed. Some 7 percent of health care companies said they are unlikely to be fully compliant by the deadline, while 3 percent of financial services companies reported they haven’t even begun the process yet.

Still, the report’s numbers show an increased awareness of the new law from a month ago, when an EY survey found that nearly two-thirds of 745 global executives were either studying GDPR while taking no action yet, or hadn’t even heard of it.

Likewise, an FTI Consulting Inc. survey of 30 in-house counsel at Fortune 1000 corporations found some respondents were “revving up to meet the changed standards as soon as possible, while others are waiting to see how the rules will be enforced before making any major, costly overhauls in data storage.”

The Netsparker survey found that over half the respondents were recruiting new team members to specifically handle GDPR compliance, and just under half were re-engineering existing internal security teams in an effort to save on costs.

Some 63 percent of the respondents said they have a data privacy officer (the GDPR's term is data protection officer, a post the law requires for public authorities and for organizations whose core activities involve large-scale, systematic monitoring of individuals or large-scale processing of sensitive categories of data), while 28 percent said they were planning to hire one.

Compliance comes at a cost. About two-thirds of the respondents said they will spend between $50,000 and $100,000 to meet GDPR requirements. Another quarter of them said they’ll dish out between $100,000 and $1 million. And 10 percent of respondents said compliance with GDPR will cost them over $1 million.

Most respondents (53 percent) said they expect the technology industry to be most affected by GDPR, followed by online retailers at 45 percent, software companies at 44 percent, and financial services at 37 percent.