A vast majority of the world’s largest organizations believe they’re prepared for the General Data Protection Regulation (GDPR). But they’re not.
At least, that’s according to the international law firm Paul Hastings, which surveyed general counsel and chief security officers from 100 FTSE and 100 Fortune 500 companies. Of those, 98% of the Fortune 500 companies think they’re good to go on GDPR compliance, compared with 94% of the FTSE enterprises.
“Achieving GDPR compliance is an enormous task – one that in our experience almost inevitably requires dedicated resources and budget,” Behnam Dayanim, partner and global co-chair of the privacy and cyber security practice at Paul Hastings, stated.
Measured against those criteria, very few of the major corporations surveyed by Paul Hastings have actually taken the basic but necessary steps to ensure compliance:
- 43% are creating an internal GDPR task force, with 39% in the UK versus 47% in the U.S.
- 33% overall are hiring a third party to conduct a GDPR readiness gap analysis, and roughly the same percentage are hiring an outside consultant or counsel to assist with GDPR
- 29% of UK companies report hiring a data privacy officer, which seems low until you compare that to 18% in the U.S.
- And as far as setting a GDPR compliance budget goes, a scant 10% of UK firms have done so
The new law – which takes effect in May 2018 – applies to companies that do business with Europe, and governs how they collect, process, and store personal data about European Union (EU) citizens. Failure to comply risks fines of up to €20 million or 4% of global turnover, whichever is higher.
With time counting down and so few companies performing key compliance measures, Dayanim believes it’ll be a race to the finish line for those needing to abide by this disruptive and far-reaching regulation. “This unfortunately seems to be setting up a scenario for multiple investigations and enforcement activities once the implementation date arrives,” he added.