Half of companies missed GDPR compliance deadline
Only half of companies achieved compliance with GDPR before the May 25, 2018 deadline, and most companies took seven months or longer to achieve readiness.
This is among the findings of a new report from privacy management platform DataGrail which also reveals that two-thirds of companies assigned dozens, or even hundreds, of employees to manage GDPR compliance.
Based on survey results, it's likely the average organization spent 2000 to 4000 hours in meetings preparing for GDPR, while half of privacy management decision makers spent at least 80 hours personally preparing for GDPR, and another 80 hours to sustain compliance
"Businesses without a European presence were not impacted by the GDPR. However, with the CCPA fast approaching, US businesses without GDPR are experiencing the same challenges that multinational companies did with GDPR," says Daniel Barber, co-founder and CEO of DataGrail. "Most companies reported taking at least seven months to achieve GDPR readiness, but now with CCPA only seven months away, they realize their systems will not support CCPA and other forthcoming privacy regulations. Companies will need to integrate and operationalize their privacy management to avoid the time-consuming and error-prone manual processes to comply with these regulations."
The report shows half of companies use manual processes to manage GDPR privacy rights requests, such as the right to be forgotten. Two-thirds of companies have processed at least 100 requests in the past year, across dozens of business systems and third-party services, and most of them have at least 25 employees involved in request management. 90 percent of companies plan to hire at least three new employees in the next two years to manage privacy regulations.
"It is evident from this research that most companies still rely on piecemeal technology solutions and manual processes, when they should be turning to privacy management solutions purpose-built for privacy regulations," adds Barber. "As companies turn their attention from GDPR to CCPA and beyond, they must operationalize sustained compliance to reduce risk, provide transparency for their customers, and control operational costs."
The full report is available from the DataGrail website.
Image credit: zaborgomel/depositphotos.com