View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Policy
January 2, 2018

GDPR compliance severely underestimated by Fortune & FTSE companies

Vast majority consider themselves on track to be compliant but most don't have dedicated resources.

By James Nunns

The vast majority of FTSE 350 and Fortune 500 believe they are well on track when it comes to complying with GDPR regulations – underestimating the enormous task facing them.

A survey of 100 FTSE 350 General Counse and Chieft Security Officers, and 100 Fortune 500 GCs and CSOs by law firm Paul Hastings found that 98% of Fortune companies consider themselves to be on track for GDPR, whilst 94% of FTSE companies say the same.

Although steps are being taken to move in the right direction, over half of companies across the UK and US are extremely unlikely to be ready in time for the May 2018 deadline. GDPR Infographic

According to the research only 43% are setting up an internal GDPR taskforce (39% in the UK and 47% in the US), whilst a third are hiring a third-party to conduct a GDPR gap analysis (tied at 33% for US and UK) and one one in three is hiring a third-party consultant or counsel to assist with compliance (33% UK and 37% US).

There’s also some serious concern when it comes to hiring a Data Privacy Officer, which is a crucial requirement for any business that is involved in the ‘large scale monitoring of individuals.’ The hiring of a DPO or additional privacy staff has only been actions by 29% of GCs/CSOs, with only 18% of Fortune 500 companies hiring and only 10% of UK companies allocating a budget for GDPR compliance.

Cybersecurity in 2018: Expect GDPR fines, more breaches and an AI arms race
GDPR: The Importance of Data Privacy Impact Assessments
Just half of UK business confident of cybersecurity skills as GDPR nears

Behnam Dayanim, partner and global co-chair of the Privacy and Cybersecurity practice at international law firm Paul Hastings, said: “Achieving GDPR compliance is an enormous task – one that in our experience almost inevitably requires dedicated resources and budget. Against that backdrop, the confidence among major corporations revealed in our survey seems mismatched with those same businesses’ reports of their implementation efforts.

“With so few companies undertaking key compliance measures to date, it will be a race to the finish line for those needing to meet the terms of this wide-reaching regulation. This unfortunately seems to be setting up a scenario for multiple investigations and enforcement activities once the implementation date arrives.”

Content from our partners
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape
Green for go: Transforming trade in the UK

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU