So, with the European General Data Protection Regulation (GDPR) edging closer to implementation, organizations are sitting tight, ready for the 25th of May deadline. The only correct fact in the previous sentence is the deadline. Regrettably, the truth of the matter is that many enterprises are far from being prepared for GDPR.
A survey analyzing the preparedness of financial businesses has found that more than 50% of investment organizations around the world are unlikely to be ready when GDPR becomes enforceable.
The research, which was conducted by Cordium and AmberGate and had over 250 respondents, uncovered some rather alarming results:
- Only 2% had finalized their GDPR policies
- Over half (59%) will fail to meet the mandatory 72-hour deadline for reporting a breach to the required regulators
Earlier this year, a separate report also found that fewer than 10% of North American organizations are ready for GDPR.
With less than two weeks until GDPR is enforced, companies are playing with fire if they do not meet the standards set out by the legislation. Failure to comply will result in severe penalties, which could be as high as 20 million euros (about $24 million) or 4 percent of that organization’s global annual turnover, whichever is greater. It is also worth remembering that although GDPR is a European regulation, the law applies to all organizations that store, process or handle European citizen data, even if the company does not operate in Europe.
If a company suffers a breach and is found non-compliant with GDPR, the reputational damage will be detrimental and, in extreme cases, could lead to bankruptcy - that’s if the penalties issued by the regulators haven’t already initiated a negative domino effect.
Because it aims to protect critical data, GDPR is something that enterprises shouldn’t fear but should instead embrace. Data breaches and cyber attacks have become synonymous with everyday news, so companies need to show they are doing their utmost to protect sensitive information. As with many regulations, resistance is futile; and in the case of GDPR, it should actually be seen as a way to improve data practices within enterprises for the greater good.