Are most companies ready for GDPR? It depends on who you ask

About a month from now, the General Data Protection Regulation (GDPR) will be fully enforceable. But as the May 25, 2018 deadline nears, there seems to be no true consensus about how many companies are truly prepared.

GDPR mandates how entities handle EU citizens’ data no matter where they reside. Organizations in breach of GDPR can be fined up to 4 percent of their annual global turnover or €20 million (whichever is greater).

Let’s take a look at four different study results released this week so far. (It’s only Wednesday.)

60 percent of companies will be ready

On Monday, London-based McDermott, Will & Emery released new GDPR research carried out by the Ponemon Institute that said that 40 percent of the companies surveyed will not be ready. The Race to GDPR: A Study of Companies in the United States & Europe surveyed a total of 1003 individuals: 582 in the United States and 421 in the European Union.

Almost half (48 percent) of the companies surveyed say they will not meet the May 25 deadline though 40 percent expect to be in compliance after the deadline.

Actually, only 40 percent will be ready

A Crowd Research Partners report drawn from the Information Security Community on LinkedIn, says that only 40 percent of the organizations surveyed will be fully compliant by the GDPR deadline, a complete reverse from the McDermott, Will & Emery report.

Crowd Research Partners surveyed 531 IT, cybersecurity and compliance professionals.

The survey also found that only 7 percent are in full compliance with GDPR requirements and 33 percent said they were on their way.

Make it 95 percent

A  World Federation of Advertisers (WFA) survey released Wednesday says that 95 percent of respondents plan to be fully compliant by the deadline. The report was based on a fairly small data set (only 44 representatives from 34 companies).

Of that 95 percent, 74 percent said they believe their company will likely be fully compliant by the deadline, with 42 percent of those respondents saying they would definitely be.

How about 98 percent?

A Netsparker GDPR survey of more than 300 C-level security executives found that companies are taking GDPR very seriously. Only 2 percent of those surveyed said that they do not expect to be compliant by the deadline. Of all the surveys, this one portrayed marketers working hard at getting compliant, with about half (49 percent) of respondents 75 percent through the process.

It doesn’t add up

The only conclusion you can reach when looking at such disparate survey results is that there is a world of confusion around GDPR. Even while I was sitting in a workshop about GDPR compliance at this week’s MarTech Conference, attendees were unclear about issues such as what is data (yes, it does include photos); can you bundle data (no); and what they needed to do to be in full compliance. The only thing we can say for sure that is that May 25 is coming, whether companies are prepared — or not.

Questions about GDPR? Download our free guide, The General Data Protection Regulation: GDPR — A Guide for Marketers.