GDPR triggers privacy hiring, $3M in average spend; 1 in 5 say they’ll never be compliant

By: Trademagazin Date: 2019. 03. 13. 10:37

Last year, the 2017 Privacy Governance Report welcomed the arrival of the European Union’s General Data Protection Regulation, both the compliance efforts and the corresponding angst over how to accomplish a list of daunting, if not impossible, tasks. One year later, we see in the 2018 survey that organizations have bulked up their privacy teams, tackled the hard work of implementing GDPR programs, spent a lot of money to get there (an average of $1.3 million, with an additional $1.8 million expected), and learned many lessons along the way. Indeed, there is still a long way to go: Fewer than 50 percent of survey respondents report they are “fully compliant” with the GDPR, and nearly one in five admit that full GDPR compliance is truly impossible. But there is good news: The GDPR looks a lot less complicated and confusing in practice than it initially did on paper. While privacy professionals are still struggling with certain tasks, difficulty scores have dropped considerably for every individual compliance process.

Like last year, of course, with the GDPR dominating the privacy narrative, we see considerable growth in the number of privacy professionals working for European organizations and responding to the survey. Membership in the IAPP has eclipsed 44,000 members — 14,000 more (47 percent growth) than last year at this time. Nearly 13,000 of the membership are domiciled in Europe. Commensurately, in this year’s survey, 37 percent of respondents are from the European Union (including, for now, the United Kingdom), up from 22 percent in 2017 and 19 percent in 2016. Those who have been following the governance report since its first year in 2015 will see shifts in the data corresponding to this shift in respondent demographics. Further, the GDPR launches into the regulated arena many firms that were previously not regulated for data protection and privacy issues. It is, as privacy professionals now know, just the tip of a growing iceberg of global privacy regulations. Accordingly, we are seeing significant growth in the number of full-time staff dedicated to privacy, with the global mean now at 10 full-time privacy staff.

One key finding is that privacy is increasingly a stand-alone issue of corporate significance, not tied as integrally to data breach as in previous years. Here are some other key results:

• 76 percent of all respondents believe their firm falls under the scope of the GDPR.
• Acquiring and maintaining business relationships is a key driver of GDPR compliance; B2B-focused businesses are far more likely than B2C and even than blended firms to have full-time privacy professionals working in their privacy programs
