For all of the emphasis put on GDPR over the past six months, various reports find that woefully few companies actually met the May 25 deadline.
According to a study by Talend, an international data integration company, only 19 percent of companies thought they were ready for GDPR by the deadline, with 17 percent still in the planning stage and another 30 percent in the development stage.
That’s a very different number from other reports I saw regarding GDPR readiness. Digital Guardian shared a report from McDermott Will & Emery and the Ponemon Institute stating that 52 percent of organizations said they’ll be ready by May 25. That’s a big jump from 19 percent! However, in that same article, it stated findings from Gartner, which say it’s likely more than 50 percent of organizations won’t be in full compliance by the end of this year. And another study posted by Yahoo found that 85 percent of organizations wouldn’t be in full compliance by the end of May and 25 percent won’t meet full compliance by January 2019. At least this one is a closer to the Talend study, but quite different from the others.
What gives with the differences? I don’t have an answer to that, but I think it shows that so many businesses are struggling to truly understand GDPR. As someone said to me, it looks good on paper, but we won’t know how it works in real life until it’s tested. It could be that the companies responding to the study are unsure that their efforts are enough and others are over confident that theirs are. As an article in Reason explained:
The GDPR is long and complicated. It is so dry and ambiguous and monotonous that a meditation app called "Calm" offers a soothing bedtime reading of the 88-page regulation. Not everyone has the time to read and internalize such a dry and complicated document.
And if your company didn’t make the May 25 deadline? Isabelle Falque-Pierrotin, chairman of the CNIL, the French Data Protection Authority, said this in a statement from the Talend study:
Even if you’re not finished preparing for the GDPR on May 25th, this is not a problem. This is a learning curve, and we will consider, of course, that this is a learning curve. The role of the regulator is to be very pragmatic and to be proportionate. However, it’s important that you start today, not tomorrow.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba