General Data Protection Regulation (GDPR) enforcement will begin one year from Thursday, yet a quarter of companies polled by Guidance Software say they will not be ready in time.
Nearly 25% of the 225 UK and US senior-level IT security executives surveyed by Guidance Software affirmed that their company will likely not be GDPR-compliant in 2018, while only 15.7% asserted they were in the advanced stages of planning for GDPR. More than half of the companies polled had not yet begun evaluating third-party products or developer processes to identify data records of EU citizens.
According to the European Union’s GDPR website, organizations “in non-compliance will face heavy fines” after GDPR is implemented on May 25, 2018. After a written warning, companies can be sanctioned with regular data protection audits and a fine of up to €20 million.
Adopted by the European Union in 2016, GDPR is a data privacy regulation aimed at moderating how companies leverage consumer data for marketing purposes. The regulation applies to data controllers, or organizations that collect data, as well as data processors, the organizations that process data on behalf of the controllers. Any company that processes personal data of EU residents, regardless of the company’s location, will need to abide by GDPR.
GDPR also includes an opt-in clause, requiring data controllers to prove a consumer consented to having their data collected. A parent or custodian must provide consent for their children, and any subject can request a free copy of their personal information collected by data controllers. European consumers also have the right to be forgotten, allowing subjects to request their personal data be deleted.
Companies must also notify member states within 72 hours of a data breach.