SAN FRANCISCO: Only half of US-based businesses are aware of or preparing for EU regulation on data privacy due to become law by the end of the year, a new survey has found.
TRUSTe, a provider of data privacy management solutions, polled 202 professionals with knowledge of data privacy from companies with more than 250 employees in the US, UK, France and Germany and reported that awareness of the imminent General Data Protection Regulation (GDPR) was the highest amongst financial services companies, at 58%.
But it was lowest amongst tech companies (43%), which are some of the greatest users of data.
The survey was carried out just before last month's decision by the European Court of Justice that the long-standing "safe harbour" agreement allowing the transfer of European citizens' data to the US was no longer valid.
That caused uncertainty for thousands of companies, noted Chris Babel, TRUSTe CEO, but, he added, it was "the tip of the iceberg compared to the sweeping and stringent changes about to be adopted by EU regulators".
"The GDPR represents the most significant global development in data protection law in the last twenty years and for many US companies will require a complete restructuring of the way they currently collect, store and transfer personal data," he said.
"Despite over four years of high profile negotiations, half of companies are still unaware and there is a worrying chasm between those who are actively preparing and those blind to the changes ahead."
Companies with mature privacy programs (10-25 privacy employees) had the highest awareness and among these, two-thirds (65%) were starting to prepare even before the final law has been agreed.
Fully 83% had already allocated a budget with 21% allocating $0.5m or more to address the changes.
Just over half (56%) of this group also placed the issue high or very high on their Corporate Risk Register.
Despite the concerns four out of five companies (82%) surveyed felt the changes would have a positive impact on consumer data protection.
TRUSTe, a provider of data privacy management solutions, polled 202 professionals with knowledge of data privacy from companies with more than 250 employees in the US, UK, France and Germany and reported that awareness of the imminent General Data Protection Regulation (GDPR) was the highest amongst financial services companies, at 58%.
But it was lowest amongst tech companies (43%), which are some of the greatest users of data.
The survey was carried out just before last month's decision by the European Court of Justice that the long-standing "safe harbour" agreement allowing the transfer of European citizens' data to the US was no longer valid.
That caused uncertainty for thousands of companies, noted Chris Babel, TRUSTe CEO, but, he added, it was "the tip of the iceberg compared to the sweeping and stringent changes about to be adopted by EU regulators".
"The GDPR represents the most significant global development in data protection law in the last twenty years and for many US companies will require a complete restructuring of the way they currently collect, store and transfer personal data," he said.
"Despite over four years of high profile negotiations, half of companies are still unaware and there is a worrying chasm between those who are actively preparing and those blind to the changes ahead."
Companies with mature privacy programs (10-25 privacy employees) had the highest awareness and among these, two-thirds (65%) were starting to prepare even before the final law has been agreed.
Fully 83% had already allocated a budget with 21% allocating $0.5m or more to address the changes.
Just over half (56%) of this group also placed the issue high or very high on their Corporate Risk Register.
Despite the concerns four out of five companies (82%) surveyed felt the changes would have a positive impact on consumer data protection.
Data sourced from TRUSTe, Guardian; additional content by Warc staff
