From May 25, the General Data Protection Regulation will be enforceable. This regulation is aimed at protecting the right to privacy of European Union citizens anywhere in the world. Any company that has EU employees or clients must have a plan for how to comply with these regulations.
Many companies were unaware that these regulations affected them. Of particular concern are businesses that deal with finances.
A survey by Reed Accountability and Finance discovered that fewer than one in four financial enterprises admit they are prepared for GDPR. In fact, 77% say they are not. Only 10% said they were partly or completely prepared.
Over half said they have taken part in training workshops. Some companies have updated their malware and anti-virus software. Some have hired Information Technology specialists to complete this work.
Companies found in non-compliance after May 25 could face the higher of 20 million Euros or 4% of their annual earnings.
While this is an unsettling statistic, financial organizations are not alone. Some companies were quite comfortable assuming GDPR did not relate to them. This was especially true of businesses not located in an EU state. Many public, private and voluntary organizations assumed they were exempt.
This is not so. As many of them are discovering, if they have dealings with EU citizens who are clients or employees, they must have in place a plan for informing individuals of their rights. Individuals must sign consent forms agreeing to the collection, processing, storage and use of their personal data.
Moreover, companies such as financial institutions must have a process for informing clients and employees of their rights to access their personal data files, to request corrections, to delete files, to modify files and to move files to another company.
Several companies have already decided they will collect and retain less personal data in the future because of the time and labour required to comply with GDPR regulations.