Thales News Release

Over One Third Of U.S. Businesses Do Not Feel Fully Prepared For GDPR Deadline, Thales Research Finds

November 17, 2017

Organizations are concerned about the GDPR’s impact on business operations, innovation and international relationships

Thales, a leader in critical information systems, cybersecurity and data security, announces the results of its research on the EU General Data Protection Regulation (GDPR). The report, based on research by Censuswide and sponsored by Thales, captures the preparedness levels of organizations in Europe and the United States for the May 2018 GDPR compliance deadline, as well as their perceptions on the new regulation’s business impact.

Click to Tweet: Approx 35% of U.S. orgs don’t think they will be fully prepared for GDPR come May 2018 @thales report:

Intended to improve personal data protection and increase accountability for data breaches, GDPR is perhaps the most comprehensive data privacy standard to date. However, the regulation presents a significant challenge for organizations that process the personal data of EU citizens, regardless of where the organization is headquartered. This means that any U.S. organization that handles data belonging EU citizens will be required to be GDPR compliant when the regulation comes into force in May 2018.

Gartner’s forecast predicts that by the end of 2018, over 50% of all companies affected by the GDPR will not be in full compliance with its requirements. According to the Thales report’s findings, around 35% of U.S. organizations already don’t believe they will be fully prepared for GDPR in time for the deadline. In addition, U.S. organizations are apprehensive about the GDPR’s impact on their business.

Key concerns of U.S. businesses:

  • Just over 56% believe that implementing measures to become GDPR compliant will increase the levels of complexity and red tape within their business.
  • Approximately 45% are concerned that the GDPR will hinder their organization’s innovation to some degree.
  • Almost 18% expect the GDPR to have a negative impact on relationships with their international partners.
  • Interestingly, while roughly 20% believe the GDPR will lead to fewer data breaches, 49% are concerned that its implementation will actually result in an increased number of breaches.

Although U.S. businesses have several concerns surrounding GDPR, over half (approximately 53%) remain optimistic that the GDPR will have no effect on their business operations whatsoever. Along the same lines, over a third of businesses (35%) suggest that a GDPR-type regulation is definitely required for handling the personal information of U.S. citizens.

Jim DeLorenzo, Solutions Manager, GDPR, Thales says:

“Organizations that are not prepared for the GDPR would be remiss to think that this regulation won’t impact their business operations. In fact, if organizations fail to comply, they could face multiple legal challenges as well as staggering fines, consequences that will undoubtedly garner negative attention. With so many U.S. businesses having a global reach, it’s imperative that American business leaders understand the ramifications of not complying with the GDPR.”

The research also examined consumer privacy and control concerns in the UK and Germany. The results reveal that almost half (47%) of consumers believe commercial organizations don’t care about their privacy, and that two in five (42%) don’t trust anyone to keep their personal information private.

Learn more about these results, download the Thales report – “Protecting private personal data – why there’s more to the GDPR than just fines.”

To help make sure your business is fit for GDPR, Thales has compiled a series of useful resources, which you can find here.


Thales commissioned the survey among 2,000 consumers in the UK and Germany (1,000 in each region), and 1,500 C-level executives in the UK, US and Germany (500 in each region). The research was conducted online by polling company Censuswide, an international research organisation, in August 2017.