According to a recent report, only 34.5% of nearly 500 professionals involved in GDPR compliance efforts say their organisations can defensibly demonstrate compliance with the legislation.
The European Union (EU) General Data Protection Regulation (GDPR) took effect May 25, 2018. GDPR aims to help individuals control who holds their personal information and enables regulators will be able to work in concert across the EU, rather than having to launch separate actions in each jurisdiction. Failing to comply can see a firm faced with a maximum fine of €20m (£17.5m) or 4% of the company’s global turnover.
The recent report by Deloitte found that one-third of respondents (32.7%) hope to be compliant within 2018, while 11.7% plan to take a “wait and see” approach amid uncertainty over how EU regulators in various countries will enforce the new regulation.
“The fact that the GDPR effective date has come and gone and many are still scrambling to demonstrate a defensible position on GDPR compliance reflects the complexity and challenges as the world of privacy rapidly changes,” said Rich Vestuto, a Deloitte Risk and Financial Advisory managing director in discovery for Deloitte Transactions and Business Analytics.
Only 13.6% of respondents are confident that their organisations know what data third parties have and are leveraging artificial intelligence (AI) and other technologies to analyse and manage third-party contracts for GDPR compliance.
The majority (56%) said they aren’t done discerning what data third parties have or the potential implications of GDPR on third-party contract management. While 10.2% have yet to begin addressing third-party GDPR compliance at all.
Vestuto added, “Among the biggest GDPR compliance challenges is third-party contract management. Under GDPR, organisations are responsible for ensuring privacy protection of EU-regulated data shared with or used by vendors and service providers, which requires those organisations to know who their vendors are and precisely what data those third parties hold. Updating or renegotiating contracts and agreements may help ensure third parties are GDPR-compliant when using your organization’s EU-regulated data.”
Following GDPR, discovery will be harder for their organisations now according to 30.6% of respondents. However, 18.6% expect discovery to actually become easier under GDPR.
Nearly half of respondents (48.2%) say their organisations’ data privacy programs are scalable to address pending rules in other jurisdictions even if their immediate focus is GDPR. Also, 19.8% report that their organisations’ programs are focused solely on GDPR without scalability.
Copyright © 2018 RegTech Analyst
Copyright © 2018 RegTech Analyst