Most big companies say they’re ready for the General Data Protection Regulation (GDPR). But it depends on how you define ready.
In reality, many firms have not taken basic steps to ensure compliance, according to a study by the international law firm Paul Hastings.
Hastings surveyed general counsel and security officers at 100 FTSE companies and 100 Fortune 500 companies.
Of those, 98% of the Fortune 500 companies think they are set, compared with 94% of the FTSE enterprises.
But only 43% are setting up an internal GDPR task force, including 39% in the UK and 47% in the U.S.
And only 33% overall are hiring a third party to conduct a GDPR gap analysis, and roughly the same percentage are hiring an outside consultant or counsel to assist with GDPR.
In addition, only 29% of UK companies are hiring a data privacy officer, compared with 18% in the U.S. And a mere 10% of UK firms have set a budget for GDPR compliance.
“Achieving GDPR compliance is an enormous task -- one that in our experience almost inevitably requires dedicated resources and budget.” Set against that backdrop, Behnam Dayanim, partner and global co-chair of the privacy and cyber security practice at Paul Hastings, states that “the confidence among major corporations revealed in our survey seems mismatched with those same businesses’ reports of their implementation efforts.”
He adds, “With so few companies undertaking key compliance measures to date, it will be a race to the finish line for those needing to meet the terms of this wide-reaching regulation. This unfortunately seems to be setting up a scenario for multiple investigations and enforcement activities once the implementation date arrives.”