While the General Data Protection Regulation (GDPR) - considered by the EU to be a great success and even a model at the international level - came into force at the end of May (see EUROPE 12027), the road to compliance for companies is still long. This is the conclusion drawn by the International Association of Privacy Professionals (IAPP) in a new report published on Thursday, October 18, in collaboration with Ernst & Young (EY).
Based on 550 responses to a questionnaire sent to several privacy professionals, the report reveals that only 44% of companies surveyed consider themselves in full compliance with the regulations, while 19% say they will "never" be. It should be noted that 43% of the survey respondents come from the United States and 37% from the EU.
Yet companies invested heavily in 2017 to prepare for the GDPR. This investment took the form of hiring new people - an average of 2.8 full-time employees and 2.5 part-time employees just to ensure compliance with the GDPR. Large companies with more than 75,000 employees reportedly hired more than six full-time and six part-time employees.
The average company says it will spend a total of $3 million to comply with the new regulations, the study says.
The position of data protection officer, provided for in the regulation, has spread widely, with 89% of EU companies declaring that they have appointed one, while 67% have done so in the United States.
All in all, the report also points out that, for privacy professionals, the GDPR seems much less complicated and confusing in practice than it was on paper.
See the report: https://bit.ly/2EziBRc. (Original version in French by Marion Fontana)