Video: Are you ready for GDPR?
Despite all the talk about GDPR, as we are entering the final stretch before it kicks in, there's a lot of fear, uncertainty, and doubt. GDPR is complex, and many aspects of how it will work in practice remain unclear even for experts. ZDNet discussed it with a wide range of experts, aiming to decipher the real-life applicability and impact of GDPR.
Read also: GDPR: These are the organisations which are least prepared[1]
In this first part, we focus on the reasons why most organizations are not ready to deal with GDPR, the chances of US-based organizations being scrutinized under GDPR, and the process and expectations for individuals wishing to exercise their rights under GDPR. The second part will cover GDPR on premise and in the cloud, and its impact on data governance, transparency, and innovation.
Are organizations evading GDPR?
A starting point for this discussion was the fact that, according to many surveys[2], most organizations will not be ready for GDPR on May 25, which makes one wonder: Is it because they did not manage to get it right in time, or could it be a strategic decision, factoring in the actual possibility of being audited and the complex landscape of enforcement?
Read also: GDPR: A boon for privacy or choking regulation? [3]
Andrew Burt, chief privacy officer and legal engineer at Immuta[4], said that neglecting GDPR could be extremely costly for organizations, given the fines it levies for non-compliance (up to 4 percent of global revenue). So, he doubts that organizations will look at the regulation, perform a cost-benefit assessment, and decide it's in their strategic interest to ignore it.