by Angela Guess

A recent press release reports, “Results from the IAPP / TRUSTe GDPR Privacy Benchmarking Study provide insight into how companies are preparing for the sweeping changes to privacy laws under the EU General Data Protection Regulation (GDPR). The study profiled companies on overall preparations for the GDPR, along with actions taken on key components including assigning a Data Protection Officer, understanding where and how personal data is used within their organization, and conducting Data Privacy Impact Assessments.”

According to the release, key takeaways include: “9 in 10 companies have actively begun to address the regulation, including 43% who have a plan in place and 49% who have started implementing their GDPR compliance plan. EU companies are further along the compliance path with 67% reporting their implementation is underway or completed vs. 42% for the US. Privacy Assessments and Data Mapping projects are conducted with a mix of technology tools plus manual processes like email and spreadsheets.”

It notes, “The GDPR overhauls the data privacy legal requirements for companies operating in the EU, including companies based outside the EU that have customers or employees located there. The regulation, put into effect in May 2016, mandates companies comply with a broad range of items by May 2018, including requirements to conduct Data Privacy Impact Assessments (PIAs / DPIAs) for high risk processing, designate a Data Protection Officer (DPO), and demonstrate their privacy program meets all elements of the 200 page regulation. The regulation includes stiff penalties, which can equal 4% of annual sales.”

Read more at PR Newswire.

Photo credit: Flickr