GDPR Compliance Top Data Protection Priority for 92% of US Organizations in 2017, According to PwC Survey

New York, January 23, 2017 – In a recent survey, nearly all of the respondents (92%) considered compliance with Europe’s landmark General Data Protection Regulation (GDPR) a top priority on their data-privacy and security agenda in 2017 – with over half of respondents saying it is “the” top priority and 38% saying it is “among” top priorities. The GDPR Preparedness Pulse Survey released today by PwC US examines US GDPR preparedness and why US companies are willing to spend $1 million or more on GDPR readiness plans.

“No legislation rivals the potential global impact of the EU’s General Data Protection Regulation (GDPR), going into effect in April 2018. The new law will usher in cascading privacy demands that will require a renewed focus on data privacy for US companies that offer goods and services to EU citizens,” said Jay Cline, PwC’s US Privacy Leader. “Businesses that do not comply with GDPR face a potential 4% fine of global revenues, increasing the need to successfully navigate how to plan for and implement the necessary changes.”

While many organizations have already begun this process with a range of compliance efforts, many are still in the assessment phase. But regardless of how far along they are in preparing to comply with the new regulations, most US companies are already planning to invest in GDPR. According to survey respondents, over three in four (77%) companies plan to allocate $1 million or more to GDPR readiness and compliance efforts – with 68% saying they will invest between $1 million and $10 million and 9% expecting to spend over $10 million to address GDPR obligations.

Survey results also found that information security enhancement is a top GDPR initiative. While much of the discussion has focused on the law’s privacy-centric requirements, information-security obligations figure prominently in GDPR plans of US companies. Among the 71% who have begun GDPR preparation, the most-cited initiatives in flight are information security, privacy policies, GDPR gap assessment and data discovery.

Companies have already exhibited a variety of ways to comply with GDPR. Among those surveyed, Privacy Shield (77%) and binding corporate rules (75%) are more popular approaches for EU cross-border compliance than model contracts (58%). Additionally, centralizing data centers in Europe (64%) and de-identifying European data (54%) are the most common ways that companies are reducing their GDPR risk exposure.

“American multinationals that have not taken significant steps to prepare for GDPR are already behind their peers,” said Cline. “As European regulators in 2017 further clarify how they interpret GDPR, more American companies are likely to re-evaluate the return-on-investment of their European initiatives.”

You can view the findings of PwC’s GDPR Preparedness Pulse Survey here.

Methodology

PwC recently conducted a pulse survey of 200 CIOs, CISOs, General Counsels, CCOs, CPOs and CMOs from US companies with more than 500 employees. The survey asked the C-suite executives about their plans for Europe’s landmark General Data Protection Regulation (GDPR).



About PwC

At PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms in 157 countries with more than 223,000 people who are committed to delivering quality in assurance, advisory and tax services. Find out more and tell us what matters to you by visiting us at www.pwc.com.

PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.

© 2017 PwC. All rights reserved.

Contact us

Lina Woods
Advisory PR director
Tel: +1 (202) 367 6602