A recent Privacy report conducted by IAPP (International Association of Privacy Professionals) has found that only 44% of companies surveyed believe they are compliant with the GDPR
Considering the GDPR came into force on 25th May, and we are now 5 months down the line, why is it that so many organisations are still not meeting their data protection requirements?
Research conducted before the compliance deadline by Deloitte, found that a tiny 15% of organisations would be compliant before 25th May, and a study by Gemalto after the deadline, found that 68% of IT professionals believed their organisations were failing to carry out all procedures in line with the new data protection laws.
The biggest problem is not an unwillingness to comply, but the sheer size of the work involved. The GDPR is not a single goal, which can be achieved and ticked off at complete. It is in fact, a regulation designed to priorities data protection in all business practices, and addresses, not only the historic data which a company holds, but also ongoing requirements in collecting, managing and storing data.
Quickly following the GDPR, countries around the world started to introduce their own new data protection laws,
Using the GDPR as a model, but each having their own features for consideration. In the UK we saw the implementation of the Data Protection Act 2018, as did Belgium and many other EU countries. Countries outside the EU also started to implement their own versions of the GDPR.
Considering the multitude of requirements demanded of companies, it is no surprise then that we are not all ready yet.
GDPR is here to stay and businesses need to address ongoing compliance with a long-term plan and "To Do" list
Many companies will have begun by auditing data held, and identifying responsibilities and accountability for that data, but organisations do not stay the same. Technology is fast paced, and new processes and projects are developing all the time. An initial data audit done before May 2018 is most likely no longer accurate.
The need then now is to stay compliant, and by implementing processes to manage data effectively, companies can ensure that they are satisfying the requirements of the GDPR.
If you are still looking for a way to address ongoing compliance, visit www.i-comply-gdpr.com to see what we can do to help.