US companies still falling short on data privacy, research finds

Results of a new data protection compliance study show that companies in North America still have a long way to go to get up to speed with evolving data privacy laws.

The study took into account organisational efforts to align with the EU’s General Data Protection Regulation. Of the companies surveyed, 50% said they failed to meet the GDPR’s deadline of 25th May 2018, while 70% said that their business infrastructures simply couldn’t adapt to cutting-edge legislation.

The results make for disconcerting reading as America’s businesses prepare for the arrival of the California Consumer Protection Act, which comes into effect on January 1st 2020.

Co-founder and CEO of privacy compliance specialists, DataGrail, Daniel Barber, said:

“The interesting thing here was that, in preparing to become GDPR ready, a lot of the companies tried to build something in-house to try to scramble, if you will, to become GDPR ready.”

The survey, named “The Age of Privacy: The Cost of Continuous Compliance” took in the views of 301 professionals based in the States, who work in technology, operations, legal and risk and compliance spheres.

Most of those polled said they felt at least seven months would be needed to prepare for the GDPR, while 71% said they could get their houses in order to comply with the California Consumer Privacy Act.

Mr Barber said that the research results illustrate how “most companies still rely on piecemeal technology solutions and manual processes, when they should be turning to privacy management solutions purpose-built for privacy regulations.

“Companies will need to integrate and operationalise their privacy management to avoid the time-consuming and error-prone manual processes to comply with these regulations,” he added.

The report found that the complexity of the GDPR was the source of most of the challenges to compliance. Other obstacles stemmed from insufficient time and human resources available to strategise and implement compliance programmes.


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.