Data compliance survey: How seriously are businesses taking data privacy laws?

Data Compliance Survey: Main takeaways

Our Data Compliance Survey showed that a large number of businesses are still not compliant with local data protection laws and regulations, and also highlighted the role technology and third-party providers play in this process.

Here are the main takeaways we found from surveying 1000 professionals:

• A full 62.4% of survey respondents said that their company isn’t “completely compliant” with the data regulations that apply to them, including GDPR, CCPA, and CDPA.

• A quarter (24.4%) of respondents don’t even know which data regulations apply to them.

• Nearly half (44.7%) of our respondents’ companies have had to add or change their marketing technology to comply with applicable data regulations.

• Some respondent companies report spending $10,000 or more each year to remain compliant with data regulations.

Read on to discover what changes companies have implemented, and the different ways in which North American and EMEA organizations think about data protection.

Data laws around the world

Across the globe, different governments have passed different regulations regarding data privacy, which companies need to know about – and comply with – if they want to do business in certain areas.

Most of our survey respondents were based in EMEA (65.4%) and North America (21.7%), which means that almost all organizations represented in the study fell under GDPR, CCPA, and/or the CAN-SPAM Act.

But understanding what laws apply comes down to knowing not only where the business operates, but also where its customers are based. 61.6% of respondents said they handled data from the EU, which requires GDPR compliance. A smaller number of respondents handled data from the UK (21.9%), California (21.1%), and Virginia (17.2%).

However, while most companies know where their customers are based, not as many are aware of the data privacy regulations that apply to them. In fact, nearly 25% of respondents said they didn't know if they fell under any jurisdictions.

Businesses’ compliance with data laws

No matter their knowledge level, most respondents were not following their region’s data laws. Only 37.6% of respondents told us that they’re fully compliant with GDPR, CCPA, the new Virginia CDPA or other applicable regulations.

There is a small bright spot – EMEA businesses are closer to being fully compliant than North American companies. While the number of “completely” compliant organizations in EMEA and North America was pretty similar, there were more EMEA respondents that claimed their businesses were “mostly” compliant.

But, even though some compliance is better than none, it still isn’t enough. You may think that being “mostly” compliant is okay, but it has bigger consequences than you’d realize. Any kind of non-compliance with data privacy laws affects your customers’ data safety, your business success, and your reputation.

How businesses have adjusted to achieve data compliance

As we can see, complying with data privacy regulations helps you avoid negative outcomes in the future, and ensures the success of your business. Good, right?

But complete data regulation compliance doesn’t just happen with a wave of a hand. It often requires companies to change the ways they gather and use personal data. That includes revisiting existing data collection and retention processes and looking at technology stacks and third-party providers to see where they can be improved.

A large portion of our respondents honed in on technology stacks in particular – when asked, 44.7% of them said they’d had to make changes to them. And, while most businesses spent less than $1,000, some (5.9%) had to spend $10,000 or more.

Regardless of the money and time that is spent on these changes, they’re undeniably important – especially in the email space. ESPs and assorted validation tools handle huge amounts of customer data, and using an EU-compliant ESP or validations tool – like Mailgun’s verification service – is crucial to ensure data safety and avoid the (sometimes literal) costs of non-compliance.

For some businesses, this has required auditing and changing their data collection processes and third-party providers. The survey found that 40% of respondents have implemented double opt-in consent and 20% have changed their ESP to become compliant.

How EMEA and North America view data privacy

While we’ve reviewed some similar uncertainties and actions in our respondent groups, it’s interesting to see how each region treats data privacy. Overall, 76.7% of respondents said that the EU appears to be more privacy-conscious than North America. While even North Americans generally agreed with this sentiment, it was more widespread in EMEA.

And when we looked at the results for each region, the data agreed with the respondents’ hypothesis. More than 50% of NA respondents didn’t know what data protection laws applied to their businesses, while in EMEA that number dropped to only 12%. Go, EMEA!

As we have seen before, EMEA businesses are often more rigorous about compliance. They were also more likely to change their technology to be compliant with laws (49.5% compared to NA’s 35.4%), and they tended to spend more money doing so – 28.4% of EMEA respondents spent over $1,000 for compliance changes, compared to 25.3% of NA respondents.

So, it’s obvious that EMEA companies consider data privacy to be a bigger deal than North America. However, no matter what the local attitudes are, it’s important to note that data privacy affects everyone equally. No matter where you are, it needs to be one of your top priorities.

What to remember about data privacy

All has been revealed – as it turns out, our survey showed that a minority of respondents comply with applicable data privacy laws. But compliance is a must-have if you want to avoid fines, angry customers, and other not-so-fun consequences.

Additionally, relying on compliant third-party providers – like Mailjet’s email marketing platform, Mailgun’s sending infrastructure, or Mailgun’s Verifications – will help you protect your consumer data, maintain your customers’ trust, and avoid the legal and financial consequences of non-compliance. So keep your private needs private, and do the public work that needs to be done. Trust us, it’s worth it.

Still not sure if your business is GDPR compliant? We’ve got a kit full of resources to help you audit your data collection processes and third-party providers.

Want to make sure you never miss another trendy-or-trending email marketing moment? Sign up for our newsletter and get the latest email news in your inbox!