• by Ray Schultz , August 7, 2018

Only 34.5% of companies can demonstrate compliance with GDPR. But 32.7% hope to be ready by the end of 2018, according to a survey by Deloitte.

Deloitte polled over 490 professionals. Of those, 11.7% are taking a wait-and-see approach to GDPR. 

A mere 13.6% are sure their organizations know what data third parties have, and are using artificial intelligence (AI) and other technologies to analyze and manage third-party contracts as required by GDPR. 

In addition, 56% have not yet finished the job of determining what data third parties have, or how GDPR could affect contract management. And 10.2% have not yet begun to address third-party GDPR compliance.

“Among the biggest GDPR compliance challenges is third-party contract management,” states Rich Vestuto, a Deloitte Risk and Financial Advisory managing director in discovery for Deloitte Transactions and Business Analytics LLP.   

He notes that, “under GDPR, organizations are responsible for ensuring privacy protection of EU-regulated data shared with or used by vendors and service providers, which requires those organizations to know who their vendors are and precisely what data those third parties hold.”

Meanwhile, 30.6% agree that discovery will be more difficult now that GDPR is enforceable. But 18.6% say the new law will make it easier, and 17.2% foresee no change to their discovery practices under GDPR.

Deloitte also found that 48.2% feel their data privacy programs are scalable enough to meet pending rules in jurisdictions other than the EU.

But 19.8% say their companies’ programs focus totally on GDPR, without such scalability 

Vestuto adds that "other jurisdictions beyond the EU are enacting more stringent data privacy protections.”