If your company is scrambling to meet the European Union’s May 25, 2018 GDPR (General Data Protection Regulation) compliance deadline, you’re not alone. According to a survey by law firm Blake Morgan Research, nine out of ten businesses have not made crucial updates to their privacy policies. A full 23 percent admit to being unaware of the new data protection laws.
Additional results of the Blake Morgan survey reveal an even starker picture of GDPR readiness:
- Only around one in ten businesses (13 percent) had updated privacy policies, one of the significant requirements of GDPR.
- Around one in five businesses (21 percent) did not have a senior person in place responsible for data protection.
- More than three-quarters of businesses (76 percent) had not put in place systems to ensure notifications of data security breaches are in accordance with GDPR requirements.
- More than three-quarters of businesses (77 percent) had not reviewed their data processing contracts, which will be under greater scrutiny under GDPR.
What is GDPR?
GDPR gives EU citizens control over the privacy of their personal data. Enacted in 2016 with a two-year adoption grace period, GDPR is expected to impact all organizations worldwide that handle the data of EU citizens, not just companies located in the EU.
Understandably, many organizations are concerned about their ability to show they comply with GDPR by May 25. Leaders in IT, legal and privacy roles worry about their companies’ readiness to meet specific GDPR mandates. These include being able to locate and target specific data; having visibility into who is accessing what data and knowing when to delete it; and being able to automate data removal when an EU citizen requests it.
Given the large number of organizations that admit to being unprepared, the potential for widespread penalties is high. The cost of non-compliance with GDPR is severe, and can be as steep as 4 percent of annual global turnover or €20 million (currently about $25 million), whichever is greater. GDPR guidelines and penalties apply to any member of the supply chain who processes EU citizens’ data.
CaaS Emerges to Relieve Compliance Concerns
This uncertainty and unpreparedness is exactly why organizations are looking at Compliance-as-a-Service (CaaS) as a cost-effective alternative to achieving, managing and sustaining compliance regulations. It takes the guesswork out of complying with complex, ever-changing certification standards and regulations such as GDPR, PCI DSS (Payment Card Industry Data Security Standard) and HIPAA (Health Insurance Portability and Accountability Act) and puts it into the hands of a trusted provider.
HOSTING’s Compliance-as-a-Service (CaaS) provides access to the knowledge, tools and expertise businesses require to meet compliance standards. It reduces the complexity and cost of risk management while helping to mature business processes and programs through solutions built on industry standards and best practices. HOSTING’s CaaS will reduce the complexities of maintaining a strong risk posture and shift your business’s focus back to your core competencies. Contact HOSTING to learn more.
About the Author
Chris Riley – Chief Information Security Officer – HOSTING
With 20 years of technology, security and governance experience, Chris has an extensive record of defining technology strategy and managing high-performance teams. He is passionate about IT development and security compliance, and has enjoyed framing technology challenges as business opportunities in a variety of industries.