Missed GDPR Deadline? 6 Steps You Need to Take Right Now

Despite the recent mad dash to comply with the European Union's General Data Protection Regulation (GDPR), many organizations missed the May 25, 2018 deadline. We all saw the flurry of activity to get ready, as email inboxes were flooded with resubscription requests from businesses and just about every website began showing a popup about privacy and cookies. But despite the race to be ready for GDPR, a large number of organizations are still not compliant.

When ISACA surveyed 6,000 business/IT professionals around the world the week before the deadline, only 29 percent said their organizations were GDPR-compliant, and only 25 percent of the rest expected to be compliant by the end of 2018. Results of an April 2018 Ponemon Institute survey were worse still: only half of the 1,000 surveyed U.S. and U.K. companies expected to be ready.


The cost of implementing the regulation may be one of the major barriers. But consider this: the cost of noncompliance could be just as steep.

Data privacy management company TrustArc found that of 600 surveyed organizations, a third had spent more than $500,000 to prepare for GDPR and 25 percent had spent more than $1 million, with another third expecting to reach half a million by the end of the year. To put that into perspective: noncompliance fines can reach 4 percent of annual global turnover or 20 million euros (about $23 million in U.S. dollars as of August 2018), whichever is higher.

While smaller businesses are less likely to be targeted than large, multinational enterprises, even small organizations are not necessarily off the hook. Any business that processes personal data of people in the EU, in any amount, needs to pay attention to this major change. If you've missed the GDPR deadline and are trying to catch up, here are the steps you need to take right now.


*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Chris Sienko. Read the original post at: