GDPR: A few days left, but a long way to go
UPDATE: May 23, 2018: This story has been updated with additional information.
With GDPR taking effect Friday, many businesses are putting the final touches on and rolling out compliance measures while others break a sweat as compliance lags behind schedule.
Companies have had two years to work on GDPR compliance, but estimates show that anywhere from one-third to 60% of businesses will not reach compliance by the deadline.
Fanfare has accompanied recent rollouts of GDPR tools and processes from Microsoft, Google, Twitter and Facebook. After all, if a business is only as good as its partner ecosystem, making sure vendors and platforms are compliant is critical.
The path to compliance is twisting, filled with detours, alternate routes and dead ends. But ambiguity about the means to achieve GDPR's ends doesn't have to be a bad thing.
"You have to understand that obviously tech companies are going to evolve," said Ashley Slavik, senior counsel and global data protection officer for Veeva, in an interview with CIO Dive.
"That's what's really nice about these requirements: There's not a lot of black and white, and if you can show you're accountable over time and demonstrate how you've embedded it into your product and process, I think you'll be fine."
For example, some companies are differentiating data practices in the European region, while others are expending updated data protection protocols across global users.
Organizations want to use data better, and putting the processes in place to manage and store data and maintain accountability to users can help all businesses in the long run. "When I think about GDPR, it's about putting the individual in the driver's seat," said Slavik.
No one knows exactly what will happen after May 25. A grace period could take place, as regulators figure out how they want to enforce GDPR, understanding that compliance is a long, arduous process. But the EU may look to immediately make an example of businesses that ignore new mandates or fail to prioritize them accordingly.
Whether trying to define GDPR, identify next steps or determine how the rest of the industry is faring, here's a wrapup of some of the biggest news and trends relating to the EU's upcoming regulation:
Through the paths to compliance, a few clear lessons and trends are emerging: Companies need strong leadership and they need to play the long game. Read More >>
Attorneys have pinpointed the Civil Rights Act of 1964 and the ban on national origin discrimination as a potential source of contention for GDPR in the U.S. Read More >>
In response to a survey of 24 GDPR authorities, 17 revealed they have inadequate funding and minimal power required to meet their regulatory obligations. Read More >>
Jen Brown and Raymond Umerley are both dedicated full-time to data protection and compliance, but for many organizations the role of DPO "may be one of many hats" that someone has to wear. Read More >>
VP of Compliance Crispen Maung led Box's compliance efforts, working with regulators to establish Binding Corporate Rules and drawing inspiration from industry-specific data protection protocols in place. Read More >>
The regulatory or punitive responses global and domestic regulators coalesce around now in response to the social media company's recent data scandal will send rippling effects through the enterprise and technology communities. Read More >>
GDPR is forcing companies in the U.S. to revisit previously accepted standards, with organizations looking to Europe's "high water mark" for privacy, according to Eric Johnson. Read More >>
Despite recognizing costs of noncompliance, only 40% of global businesses know where their service providers' data centers are located and where data is stored. Read More >>
If close to one-third European Google users decide to opt out of data sharing when GDPR comes into effect in May, it could translate to a 2% impact on the company's ad revenue. Read More >>
Follow Alex Hickey on Twitter