A survey released last week by security software company TrustArc found that 99% of US-based privacy professionals believe they need help preparing for the EU General Data Protection Regulation (GDPR). The report, Privacy and the EU GDPR, also found that US organisations are now paying more attention to the Regulation, with 39% saying they have started to implement the requirements.
The GDPR in the US
Although it’s an EU regulation, the GDPR will still have a big influence in the US, as it applies to any organisation in the world that processes EU residents’ personal data. This should be a familiar practice for US organisations, as noted in a Sophos whitepaper published in February:
The GDPR should be of global interest, as it impacts any company doing business with European citizens – regardless of where the company is based. This is very similar to many US data protection laws. For example, a company based in France doing business with American customers in California must comply with California’s data protection law. If that same company also does business with customers in Massachusetts, then it must also comply with Massachusetts’ data protection law, and so on.
The advantage of universal data protection laws, as noted in the whitepaper, is that organisations across the globe don’t need to research and know the details of each of the 28 EU member states’ laws. It also means that, in the event of a breach, all organisations know how they must respond.
US companies see the GDPR as a top priority
The overarching finding of TrustArc’s report – that US organisations are paying the Regulation more attention – supports a trend seen in other recent surveys.
A PricewaterhouseCoopers survey published in April found that 92% of US multinationals considered preparing for the GDPR a top priority, and 54% said it was their highest priority.
In May, Varonis reported that US organisations were actually preparing better for the Regulation than European ones. For instance, 78% of US respondents said they had carried out an internal audit or a data protection impact assessment in the past year. By comparison, that figure stands at 60% for the UK, 68% for France and 65% for Germany.
Learn about the GDPR
If you’ve not started to prepare for the GDPR, it’s crucial that you begin now. An ideal starting place is IT Governance’s Certified EU General Data Protection Regulation Foundation (GDPR) Training Course. It provides a comprehensive introduction to the GDPR, as well as helping you understand how organisations of any size are affected and what their legal requirements are.
We also offer a GDPR gap analysis service for organisations looking to assess how well prepared they are for the Regulation. The service helps identify and prioritise the key areas that you need to address through an on-site review of your organisation.