CompliancePoint Survey Shows that Although 75% of United States Businesses are Aware of the General Data Protection Regulation (GDPR), only 24% are Prepared to Comply


Majority of U.S. Businesses Polled Report that their Organizations do not Feel Prepared to Comply with the GDPR Regulations


The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). These regulations become enforceable on May 25th, 2018.

In preparation for the GDPR enforcement deadline, CompliancePoint, an information security and risk management consultancy, released a GDPR Readiness Survey to more accurately understand if businesses are prepared for the regulations, and how U.S. businesses anticipate they might be affected. Of those polled, 26% of respondents noted that they are unaware of the GDPR, while 44% said they were somewhat aware, and only 29% were fully aware. The survey also showed that only 24% of businesses said that they feel fully prepared for the regulation as the May 25th deadline approaches. Another 36% of businesses reported that their organizations are not prepared, while 31% stated they were somewhat prepared, and 9% said they were unsure.

CompliancePoint also asked respondents which issues were preventing their organization from becoming GDPR compliant. The majority of businesses cited waiting to see what enforcement comes from the regulation (45.6%) and lack of regulatory understanding (39.7%), followed by lack of budget (36.8%), low brand visibility (33.8%) and being unconcerned (27.9%).

Of those with knowledge of GDPR, respondents were asked which of the Data Subject Rights requirements they anticipate being most challenging for their organization to comply with. The majority cited Records of Processing as the most challenging (48.5%), followed by Accountability (41.2%), Consent (39.7%), Data Portability (39.7%) and Right to Erasure (35.3%).

CompliancePoint suggests that GDPR poses direct risks to U.S. businesses. This position is supported by outside data collected from the U.S. Small Business Administration, which estimates that 98% of U.S. businesses export goods internationally, meaning these businesses will be required to be GDPR compliant. Companies that fail to meet the regulatory requirements by the May 25th deadline face fines of up to 20 million euros per infraction, or 4% of global revenue, whichever is greater.

“Many smaller organizations may not be considering their GDPR risk exposure as seriously as they should be,” says Greg Sparrow, senior vice president-general manager at CompliancePoint. “The survey data is concerning considering the number of U.S. businesses operating internationally, as well as the high number of businesses that lack knowledge and regulatory understanding in the case of GDPR.”

About CompliancePoint:

CompliancePoint is a leading provider of information security & risk management services focused on privacy, data security, compliance and vendor risk management. Our mission is to help our clients interact responsibly with their customers and the marketplace. We do this by providing a full suite of services across the entire life cycle of risk management using our FIND, FIX & MANAGE approach. CompliancePoint can help organizations prepare for GDPR with project initiation & buy-in, strategic consulting, data inventory & mapping, readiness assessments, PIMS & ISMS framework design & implementation and ongoing program management & monitoring. Our history of dealing with both privacy and data security, inside knowledge of regulatory actions and combination of services and technology solutions make CompliancePoint uniquely qualified to assist our clients with GDPR.
For more information, visit

1: Online survey presented to more than 1,300 business users and consumers throughout the United States from April 16 – 20, 2018.

Contact Author

Holly Avila