Press Release

Baker Tilly Poll Shows GDPR Compliance and Privacy Governance Still a Challenge for Most Organizations

CHICAGO (January 28, 2019) – A flash poll conducted by Baker Tilly Virchow Krause, LLP (Baker Tilly) indicates that while the number of respondent organizations that believe they are compliant with the General Data Protection Regulation (GDPR) increased more than 20 percent in the eight months following the May 25, 2018 enforcement date, nearly 67 percent of companies responding to the poll are still not compliant. Additional data showed 36 percent of respondents identified information technology (IT) as responsible for data privacy at their organization.

“Privacy governance is relatively immature with organizations only beginning to incorporate it into their strategy,” David Ross, principal and growth leader of Baker Tilly’s privacy and cybersecurity practices, said. “At its core, privacy is a risk-based issue, not an IT or security problem. A sustainable privacy program requires a multi-disciplinary approach that incorporates governance, compliance and risk management disciplines from senior management, finance, IT, security, HR and other functional areas.”

“GDPR is becoming the de facto standard for privacy regulations in the U.S. and across the globe. If an organization is compliant with GDPR, the organization is already approximately 90-95 percent compliant with the California Consumer Privacy Act,” Mike Vanderbilt, director with Baker Tilly’s privacy practice, said. “Working toward a sustainable privacy program enables an organization to pivot and adapt as new regulations unfold.”

Baker Tilly recently held an educational webinar, “The rise of privacy: a risk-based approach to privacy oversight, compliance and management,” providing insight into how organizations can prepare for enforcement, ongoing monitoring and compliance in an evolving privacy regulatory landscape.

The webinar presenters discussed how to:

  1. Identify current and developing privacy regulations and emerging risks that impact oversight
  2. Assess the benefits, challenges and ultimate impacts of an integrated privacy oversight, compliance and risk management program
  3. Optimize a privacy assessment to enhance internal and external stakeholders’ trust and confidence in the organization’s data security and privacy processes and controls

Presentation slides and a recording of the webinar are available at

About Baker Tilly US, LLP (

Baker Tilly US, LLP (Baker Tilly) is a leading advisory, tax and assurance firm whose specialized professionals guide clients through an ever-changing business world, helping them win now and anticipate tomorrow. Headquartered in Chicago, Baker Tilly, and its affiliated entities, have operations in North America, South America, Europe, Asia and Australia. Baker Tilly is an independent member of Baker Tilly International, a worldwide network of independent accounting and business advisory firms in 145 territories, with 34,700 professionals. The combined worldwide revenue of independent member firms is $3.6 billion. Visit or join the conversation on LinkedIn, Facebook and Twitter.