According to the survey by international law firm Paul Hastings, fewer than half (39% in the UK and 47% in the US) have launched an internal GDPR taskforce, only a third are hiring a third-party to conduct a GDPR gap analysis, and only a third are hiring a third-party consultant to assist with compliance.
The study's authors insist this shows many companies are not as well-prepared as they think.
Despite being one of the crucial requirements for GDPR compliance for any business involved in the “large scale monitoring of individuals”, only 29% of top UK firms and 18% of top US firms are hiring a data privacy officer or additional privacy staff, and only 10% of UK companies polled have allocated dedicated budget.
Paul Hastings partner and global co-chair of the privacy and cyber security practice Behnam Dayanim said: “Achieving GDPR compliance is an enormous task, which in our experience almost inevitably requires dedicated resources and budget.
“Against that backdrop, the confidence among major corporations revealed in our survey seems mismatched with those same businesses’ reports of their implementation efforts,” he added.
Dayanim maintained that with so few companies undertaking key compliance measures to date, it will be “a race to the finish line” for those needing to meet the terms of the Regulation. “This unfortunately seems to be setting up a scenario for multiple investigations and enforcement activities once the implementation date arrives,” he warned.