Privacy professionals will probably never be able to forget the lead up to the EU General Data Protection Regulation, no matter how hard they try. Plenty of McDermott Will & Emery and the Ponemon Institute. In their survey, released in April 2018, 40 percent of respondents said they would be GDPR compliant after May 25. Financial services, tech and energy companies were more confident they would be ready before the big day.
Now the first anniversary of the GDPR is only weeks away, privacy professionals and government officials, such as EU Commissioner for Justice, Consumers and Gender Equality
Respondents cited the need to make comprehensive changes in business practices as the top barrier for GDPR compliance at 64 percent in 2018. Nearly one year later, Schreiber expects it to be a similar concern when respondents are polled again.
“We still have too little time and it's a year later,” Schreiber said. “We expect 50 percent of covered companies are still in the process of GDPR compliance and it will likely go on for another couple of years.”
Companies in the EU expressed higher levels of confidence to address the GDPR’s right to be forgotten was only second to preparing for data breach notifications as the GDPR obligation that post the greatest risk. Schreiber said while his firm has seen data subject access requests, the RTBF has not factored into many of those inquiries in the first year of the GDPR.
There are still plenty of GDPR-related issues for organizations to tackle. Schreiber cited the identification of GDPR scope and coordinating GDPR compliance across decentralized organizations, the appointment of representatives within the EU, and determining the proper role of IAPP Global Privacy Summit kicks off this spring.