Note: This is the sixth of an ongoing series on GDPR. We’ll be preparing you all the way to May 2018 on topics like: Privacy Protection and Breach Notification, GDPR Compliance Strategies, GDPR Enforcement and Penalties, Potential GDPR Costs, GDPR Auditing and more. Subscribe using the button on the right and you’ll be updated when we post a new article.
Over the past few weeks, we have covered various topics that relate to GDPR. As with any regulation of this magnitude, the GDPR presents many, many challenges. Ones that most companies are currently facing (and will continue to face) as they attempt to achieve and maintain compliance.
Those challenges are what we will cover today.
A major challenge for U.S. companies is simply being aware of GDPR! In a surprising survey conducted in 2017, only 65% of companies in the U.S. were aware of GDPR compared to 90% of companies in the EU. This disparity could be chalked up to the fact that the regulation originated from the EU.
However, due to most modern businesses having at least some global aspects, any business in the U.S. that is not aware of GDPR is setting itself up for major problems — and probably massive financial impacts. Companies are also finding speed to be a challenge. Many weren’t sure that they could become compliant in time; 35% of U.S. companies weren’t sure they would be compliant by the deadline!
While many of the challenges businesses will face are technological in nature…many are process related.
Specific new requirements from GDPR relate to data subjects and their rights. A major change with GDPR is that a data subject will have the right to request a lot more information (regarding the collection and use of their private personal data) that is maintained and processed.
Businesses simply don’t know the volume of requests they will get from data subjects. Another challenge as it relates to data and data subjects is data notifications. GDPR requires that data requested is clear, concise, and easy to understand. One example of this is that many organizations will be forced to change their privacy notices to not be as vague as they have been in the past.
As the impacts of GDPR will reach across the entirety of the organization, businesses need to address this from a company-wide perspective. GDPR will not simply be solved with technology. Companies will need to understand that GDPR will set out new processes businesses will have to follow as well as the technological securing of data.
Certain aspects of procedures to track internal procedures of data protection activities are specifically laid out and expected by GDPR.
The biggest challenge businesses face is time!
Mary 25, 2018 is fast approaching and companies are running out of time to get in compliance with GDPR. Companies need to be aware of GDPR and specifically what impacts it will have on their business. It will be vitally important to be as prepared as possible when GDPR becomes effective.