May 22, 2019

Businesses Struggling with GDPR After One Year, Says Thomson Reuters Survey

EAGAN, Minn., May 22, 2018 – Businesses around the world are struggling to comply with the EU's General Data Protection Regulation (GDPR) one year after it went into effect, according to a new survey by Thomson Reuters.

The GDPR represents the most significant change in data privacy regulation in decades. But one year after it took effect on May 25, 2018, businesses are experiencing increasing difficulties in meeting its requirements and those of other data privacy laws and regulations.

Thomson Reuters surveyed data privacy professionals at global businesses and other organizations in nine countries in 2017 and again in December 2018 – before and after GDPR went into effect.

“GDPR +1 Year: Business Struggles with Data Privacy Regulations Increasing” found that difficulties meeting global data privacy requirements have increased since GDPR took effect:

  • More businesses globally are failing to meet regulatory requirements.
  • Half of businesses are having difficulty keeping up with fast-changing data privacy regulations.
  • Many businesses have found GDPR compliance more difficult than expected.

A whopping 79 percent of global businesses surveyed say that they are either failing to meet regulatory requirements, or having trouble keeping up to date, or both, even after nearly one year under GDPR. This compares with 72 percent prior to GDPR going into effect.

Businesses in Australia were most likely to say they are failing to meet data privacy requirements, whether involving GDPR or other laws and regulations around the world. Businesses in the United States were most likely to say they are having difficulty keeping up to date or are falling further behind.

According to the experts at Thomson Reuters Data Privacy Advisor, several other countries have adopted new data privacy laws, regulations, or guidance in the wake of GDPR, including Brazil, Peru, Bahrain, and Israel. Various bills have been introduced in Congress to expand U.S. data privacy laws, with more comprehensive solutions under discussion.

The California Consumer Privacy Act (CCPA), which establishes strict new data privacy requirements, is set to take effect on Jan. 1, 2020. The survey found that 81 percent of businesses worldwide are aware of CCPA, but barely half (57 percent) consider themselves knowledgeable about it.

“Data privacy laws and regulations are growing every day, and businesses are finding it increasingly difficult to comply and keep up with these fast-changing requirements,” said Emily Colbert, vice president of Practical Law, Thomson Reuters. “The requirements are often complex, vary significantly by country and region, and can carry significant penalties for non-compliance. Our survey found that many businesses say they are in danger of falling further behind as these regulations expand around the globe, potentially putting their companies at risk of sanctions.”

“Our customers are telling us that as these laws and regulations spread, they need more adaptive automated tools and practical guidance to avoid being buried in the flood of new mandates,” continued Colbert. “We’re working closely with them to provide the resources they need to understand and meet their obligations as the laws and regulations continue to evolve.”

“GDPR +1 Year: Business Struggles with Data Privacy Regulations Increasing” can be downloaded here:

Thomson Reuters

Thomson Reuters is the world’s leading provider of news and information-based tools to professionals. Our worldwide network of journalists and specialist editors keep customers up to speed on global developments, with a particular focus on legal, regulatory and tax changes. Thomson Reuters shares are listed on the Toronto and New York Stock Exchanges. For more information on Thomson Reuters, visit and for the latest world news,


Scott Augustin
Thomson Reuters