‘Very few companies are going to be 100 percent compliant on May 25th’
The General Data Protection Regulation will go into effect on May 25th, and no one is ready — not the companies and not even the regulators.
After four years of deliberation, the General Data Protection Regulation (GDPR) was officially adopted by the European Union in 2016. The regulation gave companies a two-year runway to get compliant, which is theoretically plenty of time to get shipshape. The reality is messier. Like term papers and tax returns, there are people who get it done early, and then there’s the rest of us.
In today’s meeting with the European Parliament, Mark Zuckerberg said Facebook would be GDPR compliant by the deadline, but if so, the company would be in the minority. “Very few companies are going to be 100 percent compliant on May 25th,” says Jason Straight, an attorney and chief privacy officer at United Lex, a company that sets up GDPR compliance programs for businesses. “Companies, especially US companies, are definitely scrambling here in the last month to get themselves ready.” In a survey of over 1,000 companies conducted by the Ponemon Institute in April, half of the companies said they won’t be compliant by the deadline. When broken down by industry, 60 percent of tech companies said they weren’t ready.