Study Finds Many Companies Still Not Prepared for GDPR Compliance

General Data Protection Regulation (GDPR)

Written By ESR News Blog Editor Thomas Ahearn

A study released in September of 2019 about the General Data Protection Regulation (GDPR) – which took effect on May 25, 2018, to regulate the transferring of personal information from the European Union (EU) – found many companies around the world are still not prepared for GDPR compliance and potential EU data breaches.

The study titled “Keeping Pace in the GDPR Race: A Global View of GDPR Progress in the United States, Europe, China, and Japan” is a follow up to, and an expansion of, an earlier study titled “The Race to GDPR: A Study of Companies in the United States & Europe” that was released in April of 2018.

Sponsored by McDermott Will & Emory (WME) and WME China Law Offices – and independently conducted by Ponemon Institute – the study reflected practical difficulties and regional differences in levels of adherence to GDPR across the United States, Europe, China, and Japan. Key findings of the study include:

  • 54 percent of responding organizations from all geographic areas reported GDPR implementation had taken longer than anticipated.
  • 46 percent of responding organizations from all geographic areas reported they had an average of two reportable data breaches since GDPR came into effect.
  • 45 percent of responding organizations in the United States experienced cyberattacks under GDPR compared to 38 percent in Japan, 34 percent in Europe, and 31 percent in China.
  • 24 percent of responding organizations from all geographic areas reported their readiness and confidence to respond to a GDPR data breach was very low.
  • 18 percent of responding organizations from all geographic areas were highly confident in their ability to communicate a reportable data breach within 72 hours of awareness.

The study tackled ongoing challenges organizations face in the wake of GDPR. Participants in the study worked in a variety of departments, including IT (Information Technology), IT security, compliance, legal, data protection office, and privacy. All organizations represented in the research were subject to the GDPR.

EU member countries include Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and the United Kingdom.

GDPR non-compliance can be costly. In January of 2019, Google was fined €50 million euros – nearly $57 million U.S. dollars – by France’s National Data Protection Commission for an alleged lack of transparency, inadequate information, and lack of valid consent regarding advertisements in accordance with the GDPR.

Employment Screening Resources® (ESR) – a leading global background check firm – has incorporated fully compliant GDPR policies, procedures, and technologies to help U.S. employers to perform background screening on EU subject by providing required GDPR related tools and support for various GDPR rights.

ESR won the 2018 TekTonic Award from HRO Today Magazine that recognizes innovation and disruption in Human Resources (HR) and recruiting technology for the ESR Assured Compliance® system that helps employers maintain compliance with the ever-changing patchwork of background screening laws.

In addition to GDPR-compliant technology, ESR has self-certified adherence to the EU-U.S. Privacy Shield Framework with approval from the International Trade Administration (ITA). ESR was one of the first adopters of the EU-U.S. Privacy Shield Framework with an original certification date of August 12, 2016.

ESR’s global background screening solution reaches more than 240 countries and helps companies receive accurate and primary source international data transferred in a manner that complies with local laws and regulations. To learn more, visit www.esrcheck.com/Background-Checks/ESR-Global-Solutions/.

NOTE: Employment Screening Resources® (ESR) does not provide or offer legal services or legal advice of any kind or nature. Any information on this website is for educational purposes only.

© 2019 Employment Screening Resources® (ESR) – Making copies or using of any part of the ESR News Blog or ESR website for any purpose other than your own personal use is prohibited unless written authorization is first obtained from ESR.