The deadline for businesses to be GDPR compliant is one month from now (25 May) with around 40 per cent of firms not expecting to be ready.
Law firm McDermott-Ponemon surveyed US and European companies on their understanding of the impact of GDPR and their readiness for it. It found that 52 per cent of firms would expect to be compliant on or before the 25 May deadline, with 40 per cent expecting to become compliant after the deadline. 8 per cent were not sure if and when they would achieve compliance.
What is GDPR for?
The General Data Protection Regulation (GDPR) aims to strengthen EU citizens’ data rights and hold firms more accountable for data breaches. If you own a company registered somewhere in the EU or own a company that deals with the personal details of EU citizens, then GDPR applies to your business.
Businesses struggling to be ready in time
One smaller business owner told GrowthBusiness that it was considering ‘farming out’ its data operations to third parties in order to be ready for today’s deadline. ‘Essentially, (GDPR) is all about giving customers the choice to opt back in or out of our marketing emails and it’s taking a long time to contact them all.’
He said that getting a quick response from customers and suppliers was proving more tricky.
‘We have hundreds of thousands of customers and suppliers that we are having to recontact and it’s proving a tough job to organise.’
It is common for larger firms to hold data on various servers and cloud storage services – making the job even more complex.
If businesses are not compliant with the new rules, set by the European Union, they will face a fine of up to $20 million or 4 per cent of turnover, whichever is higher.
What can you do if you miss the deadline?
It’s not ideal. But if you do, it’s unlikely that you’ll be hit with a huge fine if you can prove to the Information Commissioner’s Office (ICO) that you are putting appropriate data security systems in place, such as a clear roadmap for retraining staff in data protection and a full company audit that is under way. Rather than fining you on the spot, the ICO is likely to return to your business in a year and analyse the changes you’ve made between now and then.