With only a few weeks until the European Union’s General Data Protection Regulation (GDPR) goes into effect, many businesses are finding themselves at risk of missing the deadline and facing hefty fines.
According to a recent study conducted by Cordium and AmberGate, more than 50 percent of investment firms globally are unlikely to be ready in advance of the regulation’s implementation date – May 25, 2018.
The study, which polled over 250 financial firms, revealed a striking lack of preparedness across the financial marketplace, with just 2 percent of surveyed firms stating they had implemented GDPR policies and procedures.
Furthermore, 59 percent of firms said they were unprepared to comply with the required 72-hour window to report a personal data breach to regulators, and 64 percent said they were unprepared to respond to an exercise of data subject rights.
For companies that have not yet started their GDPR program – or are still in the early stages – missing the deadline could expose them to “significant compliance and reputational risk,” warned Michael Corcione, Managing Director, Cybersecurity and Data Protection Consulting Services at Cordium, in a press release.
“Lack of readiness is due to a failure by firms to understand their exposure to the regulation, as well as MiFID II’s earlier deadline, leaving GDPR to fall down the priority list. With just a [two-week] window, firms should be practicing these procedures, not defining them,” said Corcione.
When asked which area generated the most pressure to comply with GDPR at the moment, most respondents (45 percent) said it came from their own internal governance functions. Regulatory pressures followed closely at 39 percent, while 15 percent of respondents cited investors and customers as the source of the most pressure.
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Maritza Santillan. Read the original post at: https://www.tripwire.com/state-of-security/latest-security-news/survey-finds-most-financial-firms-unprepared-for-looming-gdpr-deadline/