62% of Companies Unaware of Applicable Data Privacy Regulations: Study


How have the growing number of increasingly strict data privacy regulations impacted companies worldwide? And what have companies done to comply with these regulations? To understand this, Pathwire surveyed over 1,000 professionals worldwide and asked them how they have dealt with consumers’ increasing data consciousness.

A major finding from the Data Compliance Survey was that about 62.4% of companies were unaware of which regulations applied to them. Further, close to half (44.7%) of companies had to change or add marketing technology (Martech) to comply with data privacy regulations. The following are a few more findings in detail.

1. Many Companies Are Not Aware of Applicable Privacy Regulations

The study found that while most companies knew where their customers were based, quite a few companies did not know what regulations applied to them. In fact, close to one-quarter (24.4%) did not know if their organization came under any jurisdiction. Further, the study also found that, compared to businesses in Europe, the Middle East and Africa (EMEA), a significant percentage of North American businesses did not know what data privacy regulations applied to them. About 51% of North American companies did not know which regulations applied to them, while only 12% of EMEA businesses were unaware of the applicable laws.

Does the company come under the jurisdiction of any of these laws?
Source: Data Compliance Survey

2. About Two-Thirds of Companies Are Not Compliant

The survey found that 62.4% of companies are not completely compliant with privacy regulations that apply to their region. Only about 37.6% of companies were fully compliant with the applicable laws, such as GDPR, CCPA, and Virginia CDPA. Having said that, businesses in EMEA were closer to being fully compliant than those in North America.

Is the company compliant with any applicable regulations?
Source: Data Compliance Survey

3. About Half of Companies Had To Make Changes to Their Martech Stack

Becoming regulation-compliant is not an overnight process and comes with a few changes involving data collection and retention processes, third-party providers, and technology stacks. The survey found that about 44.7% of companies had to make changes to their martech and technology stacks. Additionally, while most companies spent less than $1,000 to make these changes, about 5.9% had to spend at least $10,000.

For some of the companies that made changes to their stacks, the changes involved email service providers (ESPs). For a few others, changes involved auditing and changing the data collection process or third-party data providers. The study found that 20% of companies changed their ESP while 40% implemented double opt-in consent.

4. EU Appears More Privacy-Conscious Than North America

An interesting finding from the survey was that more than three-quarters (76.7%) of the surveyed respondents believed that the European Union (EU) is more conscious about privacy than North America. While a significant number of businesses from EMEA agreed with this statement, even several North American respondents agreed with it. EMEA businesses are also seen to be more rigorous about compliance and more likely to change their tech stacks to remain compliant. Moreover, they were seen to spend more on making the changes. About 28.4% of businesses from EMEA spent more than $1,000 to make changes, while about 25.3% of companies from North America did so.

Did the company have to add or make changes to the existing stack to stay compliant?
Source: Data Compliance Survey

What This Means

Staying compliant with data privacy regulations is critical, as non-compliance can have legal consequences in the form of hefty penalties. The response from companies that say they are not fully compliant is concerning. While having partial compliance is better than none, it still is not enough. Besides hurting the business, non-compliance could impact customers’ data safety, business reputation, and success. According to IBM’s Cost of a Data Breach Report, the breach cost increased from $3.86 million to $4.24 million during 2020-21. This cost can be easily avoided by staying compliant.

Finally, according to a recent survey by KPMG, data privacy is a growing concern for 86% of people. Hence, staying compliant gives users confidence and helps the organization gain a competitive advantage over those that are not compliant.

Hence, organizations should make the necessary changes in their policies, processes, and technology and develop data governance programs to ensure compliance with regulations.
