Skip to main content
close search
site logo
Dive Brief

Media and retail falling behind in GDPR compliance, Forrester says

Published Feb. 5, 2018
By
Associate Editor
Kendall Davis

Dive Brief:

  • Businesses in more regulated industries, such as healthcare, public sector and financial services, are farther ahead in GDPR compliance than media and retail companies, many of which are still in the early stages of becoming compliant, according to a Forrester report.
  • Almost 30% of companies report being in full compliance with the upcoming regulations while 16% reported partial compliance. About 20% expect to reach compliance sometime in 2018. Forrester expressed reservations that companies claiming to be compliant are not because only a portion have "actually engaged in data discovery and classification exercises as well as built data flow maps and run gap analysis."
  • Many firms not located in the European Union do not think GDPR will apply to them, but given its extraterritorial effect "the percentage of companies not affected by GDPR is small." This means many companies may require more guidance to understand how the regulations might impact their industry and firm, reports Forrester. 
European companies were more pessimistic about the state of their GDPR compliance.
Forrester
 

Dive Insight:

The road to compliance is not made easier by the fact that GDPR is rather vague. It sets out standards companies need to meet, such as tying collected information to specific individuals, but it does not say how to do these things.

Companies can ease the burden with a "GDPR program manager" to oversee the operation side of compliance, as well as by involving all involved teams from the beginning, investing in continuous compliance solutions and executing clear strategies and governance models, according to the report. 

Although compliance and noncompliance both come with heavy costs, potentially up in the millions, noncompliance ultimately is far riskier for a company, from an economically and reputation perspective. In Europe, where the impact and knowledge of the regulation is more potent, the pessimism in compliance levels speaks to the burden it places on data controllers and processors. 

But looking at compliance at the individual company level is not enough. Contractual pressures are sure to push more companies toward compliance, because a company is only as compliant as other companies it works with that handle its data.

Recommended Reading

Editors' picks

Company Announcements

View all | Post a press release
NeuBird Named a Cool Vendor in the 2024 Gartner® Cool Vendors™ in IT Operations Leveraging Gen…
From NeuBird
November 11, 2024
Viz.ai Wins Prestigious Prix Galien USA Award for Best Digital Health Solution
From Viz.ai
November 12, 2024
Newgen Recognized in Gartner® Magic Quadrant™ for Enterprise Low-code Application Platforms Fi…
From Newgen Software
October 30, 2024
Traceable Releases 2025 State of API Security Report: API Breaches Persist as Fraud, Bot Attac…
From Traceable AI
October 30, 2024
Editors' picks
Latest in IT Strategy
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell