How the EU's GDPR is Affecting U.S. Companies

When it comes to data security and privacy, the European General Data Protection Regulation (GDPR) is top of mind for organizations everywhere. That’s because it applies to any organization that collects and stores personal data about EU citizens. Which means it impacts organizations around the world, including many in the U.S.

So there are a flurry of discussions and surveys out there right now to figure out what everyone’s doing to get ready—and whether we can all get ready in time. Here are some key stats that stood out to us from surveys by PwC and Gartner:

Most consider it a top priority

A few multi-national firms based in the U.S. might be betting on the fact that it might be difficult to enforce the GDPR. But most organizations consider it a top priority and are taking steps to get in compliance. In fact, 92% of U.S. organizations told PwC that it’s one of their top security priorities right now.

Most are spending millions to get ready

The GDPR imposes hefty fines for non-compliance, up to 4% of an organization’s global revenue. That could come as quite a hit to your pocketbook. So many organizations are putting in the time and money to level up their data security and avoid these potential penalties. A PwC survey found that nearly 70% of organizations plan to spend anywhere from $1 million to $10 million. And 9% of organizations think they might have to spend more than $10 million.

They’re adopting model clauses and the Privacy Shield

Many companies are taking other interim steps to show that they plan to comply with the new laws. For example, 58% of respondents in the PwC survey said that they’re adopting model clauses in their contracts. These help ensure that certain data protection standards are being met when you’re working with a vendor. And 77% of organizations are joining the EU-US Privacy Shield. This is a self-certification program run by the U.S. Department of Commerce and the U.S. Federal Trade Commission.

Many are rethinking how they operate in Europe

Most U.S. companies with a big presence in Europe plan to continue doing business in Europe. But now they’re looking for more efficient ways to operate. Here’s the break down from PwC:

  • 64% are thinking about centralizing their data centers in Europe
  • 54% plan to anonymize European personal data across the board
  • 32% are thinking about reducing their presence in Europe
  • 26% might leave the European market altogether

Around half won’t get ready in time

Many analysts and surveys are all saying the same thing—we’re not getting ready fast enough. In general, U.S. companies are lagging behind their European peers. And while many U.S. companies are taking great strides to meet the deadline, Gartner predicts that more than half of them won’t be in full compliance even by the end of 2018.

Some are choosing to move to the Microsoft cloud

If you haven’t already moved to the cloud, this is yet another reason to make the leap. Microsoft shared that their cloud services will comply with GDPR by the deadline. So you can accelerate your own GDPR compliance by moving to the cloud. And we at Binary Tree can help you get there. See more about how we can help you transform to Office 365.