One month till GDPR deadline – are you ready?

Research from international law firm says nearly half of firms will not be compliant in time

The deadline for businesses to be GDPR compliant is one month from now (25 May) with around 40 per cent of firms not expecting to be ready.

Law firm McDermott-Ponemon surveyed US and European companies on their understanding of the impact of GDPR and their readiness for it. It found that 52 per cent of firms would expect to be compliant on or before the 25 May deadline, with 40 per cent expecting to become compliant after the deadline. 8 per cent were not sure if and when they would achieve compliance.

What is GDPR for?

The General Data Protection Regulation (GDPR) aims to strengthen EU citizen’s data rights and hold firms more accountable to data breaches. If you own a company registered somewhere in the EU or own a company that deals with the personal details of EU citizens, then GDPR applies to your business.

Businesses struggling to be ready in time

One smaller business owner told GrowthBusiness that it was considering ‘farming out’ its data operations to third parties in order to be ready for today’s deadline. ‘Essentially, (GDPR) is all about giving customers the choice to opt back in or out of our marketing emails and it’s taking a long time to contact them all.’

He said that getting a quick response from customers and suppliers was proving more tricky.

‘We have hundreds of thousands of customers and suppliers that we are having to recontact and it’s proving a tough job to organise.’

It is common for larger firms to hold data on various servers and cloud storage services – making the job even more complex.

If businesses are not compliant with the new rules, set by the European Union, they will face a fine of up to $20 million or 4 per cent of turnover, whichever is higher.

What can you do if you miss the deadline?

It’s not ideal. But if you do, it’s unlikely that you’ll be hit with a huge fine if you can prove to the Information Commissioners Office (ICO) that you are putting appropriate systems on your data security in place, such as a clear roadmap for retraining staff in data protection and a full company audit being underway. Rather than being fined on-the-spot, the ICO are likely to return to your business in a year and analyse the changes you’ve made between now and then.

Further reading on GDPR

GDPR legislation: 5 simple steps to safeguard data

Michael Somerville

Michael Somerville

Michael was senior reporter for from 2018 to 2019.

Related Topics