The enforcers of GDPR are largely unprepared to implement policing regulations by May 25, according to Reuters. In response to a survey of 24 GDPR authorities, 17 revealed they have inadequate funding and minimal power required to meet their regulatory obligations.
Some watchdogs are waiting on their country's governments to remediate laws in compliance with GDPR before the May 25 deadline. The Reuters' survey indicates that some enforcers "will be weaker than the bloc's anti-trust authority run directly by the European Commission," according to the report.
Only five respondents said their jurisdiction has the laws and funds in place to properly fulfill their commitments to oversee companies with headquarters in their jurisdictions.
GDPR has been a long time coming and the closer it gets the more clear it becomes that compliance is a seat-of-the-pants ride.
Compliance comes with a price tag but resisting compliance can just about triple the cost. For regulators within the EU, opting out is not an option. However, for some international companies that serve EU citizens, but are not headquartered there, withdrawing services is an option.
Unroll.me, an email subscription management company, announced it will delete the accounts of EU customers on May 24. Because Unroll.me sells users' data to third parties, it would be unable to legally fulfill GDPR's obligations.
Still, companies that intend to commit to GDPR's standards had the time to prepare and implement the necessary talent and protocols. To industry observers, it is slightly unnerving that one-third of organizations don't think GDPR will impact business in the EU and only half of companies are fully or somewhat complaint as of last month.
Many expect the U.S. to adopt similar user protections. Facebook, for example, is honoring its foreign responsibility with GDPR and is working to slowly adopt the heart of the regulation in phases for American users.