Following four years of preparation and debate, GDPR was approved by the European Parliament in April 2016, the official texts and regulation of the directive were then published in all of the official languages of the EU in May 2016. The legislation came into force across the European Union on May 25, 2018.
The parliament warned that any company doing business in a European country and used personal data of EU citizens, no matter where that company was headquartered, would have to comply with the regulation.
But here we are 16 months after it was enacted, and seven years since it was first mooted, and numerous research reports indicate that enterprises across the world are still struggling to comply with the new rules.
There were other striking findings in the 68-page report, Keeping Pace in the GDPR Race, the most notable:
- One-quarter of respondents on average in all countries say their readiness and confidence to respond to a GDPR data breach is very low.
- Only 18% of organizations were highly confident in their ability to communicate a reportable data breach to the relevant regulator(s) within 72 hours of awareness.
- Nearly half (49%) of Chinese respondents and more than one-third (36%) of Japanese respondents subject to GDPR are still not familiar with this regulation.