Peter Drucker once said, “Plans are only good intentions unless they immediately degenerate into hard work.” With less than six months remaining before the new European privacy directive goes into operation, I am afraid that many companies – especially U.S. companies – are suffering from an excess of intentions and a shortage of hard work.
In case you’ve missed it, a new set of European rules and standards related to privacy and data protection (the General Data Protection Regulation, or GDPR) has set in motion a mad compliance and security scramble not only for European companies, but also for any company doing business in Europe or with European customers.
The regulation is designed to harmonize privacy across the EU, codify more rigorous privacy rights, strike a balance between privacy and security, and create an explicit obligation for both data controllers and processors to demonstrate compliance with GDPR. This is not just a problem for European-based companies. If your organization does business in the EU, offers goods and services to EU citizens, or processes EU citizen data, then all the provisions of GDPR apply.
Consider the following GDPR data points:
- Openprise, the leader in data orchestration solutions for marketing and sales, polled 508 Dreamforce conference attendees in San Francisco earlier this month on their awareness of the General Data Protection Regulation (GDPR). “Only about half of survey respondents at Dreamforce were aware of GDPR, and the number is even lower (43%) for those in sales and marketing.”
- “The reality is that most US-based marketers are just now beginning to understand what GDPR is, and they're quickly realizing that failing to comply is not an option.” (Julian Archer, Senior Research Director at SiriusDecisions)
- “Over half of firms listed in the FTSE 350 and Fortune 500 are not preparing themselves in time for imminent General Data Protection Regulation (GDPR)… This is despite 94% of FTSE firms believing they are on track to implement GDPR, with the number rising to 98% among Fortune companies – suggesting they are significantly underestimating the technicalities of compliance.” (The Actuary)
- “…only 2 percent of IT pros in the U.S., 5 percent in the U.K., and 2 percent in the rest of the EU believe their companies are fully prepared for GDPR.” (Spiceworks)
- “Gartner predicts that by the end of 2018, more than 50 percent of companies affected by the GDPR will not be in full compliance with its requirements.”
Is your organization ready to embrace a more rigorous privacy regime as espoused by GDPR? What is your organizational readiness to comply with GDPR when it becomes effective in May 2018? A recent survey by PwC shows that companies are planning to spend between $1 million and $10 million to comply with GDPR. How do you stack up?
Organizations cannot hope to meet this coming wave of regulation by approaching information privacy and security as an afterthought or by applying outdated and manual approaches to a set of problems that simply must be automated.