While the General Data Protection Regulation goes into effect on May 25 there seems to be no guarantee that businesses and organizations will be ready.
GDPR is aimed at protecting the personal data of all European Union citizens anywhere in the world. So, any company, anywhere in the world with EU employees or clients must have a plan for GDPR regulations and a way to ensure that individuals have their rights clearly understood.
Businesses, particularly those outside EU states, are often unaware that GDPR legislation and penalties apply to their company.
Survey companies have been busy polling companies about their level of preparedness for GDPR. A survey of company directors noted that slightly more than half of those questioned felt that their enterprise will be ready for the GDPR. Some heads of companies admit to being unsure of how GDPR actually applies to them. A few were even sure, and wrong, about GDPR having no bearing on their company.
It was also pointed out that number of companies that expressed high confidence in their readiness to meet GDPR deadline has declined in the past six months.
Nearly 700 companies responded to this April poll. The results of this study are consistent with a survey conducted by Janco Associates of American companies which do business with EU citizens. Only one in three American companies said they were ready for GDPR.
There are various theories about why companies are admittedly not ready for GDPR. There is a lack of understanding that your company must comply even though it has no sites in EU states.
Another reason is the high cost of having a procedure in place. The complexity of GDPR and the labour required to be compliant is also a concern. Some companies have adopted the attitude: let them find me in non-compliance. It will be cheaper to pay the fine.