GDPR compliance is a top data protection priority for 92% of US organisations in 2017, according to a PwC Survey.
In this recent survey, nearly all of the respondents considered compliance with Europe’s landmark General Data Protection Regulation (GDPR) a top priority on their data-privacy and security agenda in 2017 – with over half of respondents saying it is “the” top priority and 38% saying it is “among” top priorities.
The GDPR Preparedness Pulse Survey released today by PwC US examines US GDPR preparedness and why US companies are willing to spend $1 million or more on GDPR readiness plans.
“No legislation rivals the potential global impact of the EU’s General Data Protection Regulation (GDPR), going into effect in April 2018,” said Jay Cline, PwC’s US privacy leader.
>See also: GDPR: Out with the old in with the EU
“The new law will usher in cascading privacy demands that will require a renewed focus on data privacy for US companies that offer goods and services to EU citizens.”
“Businesses that do not comply with GDPR face a potential 4% fine of global revenues, increasing the need to successfully navigate how to plan for and implement the necessary changes.”
While many organisations have already begun this process with a range of compliance efforts, many are still in the assessment phase.
But despite their status in preparing to comply to the new regulations, most US Companies are already planning to invest in GDPR.
According to survey respondents, over three in four (77%) companies plan to allocate $1 million or more on GDPR readiness and compliance efforts – with 68% saying they will invest between $1 million and $10 million and 9% expecting to spend over $10 million to address GDPR obligations.
Survey results also found that information security enhancement is a top GDPR initiative.
While much of the discussion has focused on the law’s privacy-centric requirements, information-security obligations figure prominently in GDPR plans of US companies.
Among the 71% who have begun GDPR preparation, the most-cited initiatives in flight are information security, privacy policies, GDPR gap assessment and data discovery.
>See also: Why the cloud makes the EU-US Privacy Shield meaningless
Companies have already exhibited a variety of ways to comply with GDPR.
Among those surveyed, Privacy Shield (77%) and binding corporate rules (75%) are more popular approaches for EU cross border compliance than model contracts (58%).
Additionally, centralising data centres in Europe (64%) and de-identifying European data (54%) are the most common ways that companies are reducing their GDPR risk exposure.
“American multinationals that have not taken significant steps to prepare for GDPR are already behind their peers,” said Cline.
“As European regulators in 2017 further clarify how they interpret GDPR, more American companies are likely to re-evaluate the return-on-investment of their European initiatives.”