Many Companies Remain Unready for GDPR

On May 25, 2018, GDPR goes into effect. In June 2017, we addressed this question. Will Companies Be Ready for Europe’s General Data Protection Rule? Despite the long lead time, many firms remain unready for GDPR. In fact, the law was passed in April 2016.

What is GDPR? And why do many firms remain unready for it?

 

Background: What is the General Data Protection Rule (GDPR)?

As Dyfed Loesche writes for Statista:

“Anybody doing business in the digital realm should be able to tell you what GDPR is. And it constitutes a major EU data protection law update, effective on May 25, 2018. It seeks to ‘enhance the protection of personal data of EU citizens. In addition, it increases the obligations of firms that collect or process personal data.’ Thus, this rule does not just apply to firms based in the EU, but to all firms doing business with EU customers. Also, it applies to firms that don’t selling goods or services but monitor user behavior in the EU.”

Further, Nonprofit Times notes:

“The new regulations center around data privacy and transparency. They can be intimidating to read and interpret, especially with what’s at stake. Penalties of 4 percent of worldwide sales or €20 million, whichever is higher, in some scenarios.

Click here to go to the GDPR official Web site.

 

Why Many Companies Remain Unready for GDPR

Given the wide-ranging impact of this new rule, why are so many firms unready for GDPR?

Consider these observations from Brian Hughes, writing for Small Business Trends::

“The main issue many firms have is the mandate that consumers’ data must be reasonably protected. Yet, it doesn’t define what ‘reasonable’ specifically means. The data can include identity data, health records, Web information, biometric data, race and sexuality, and political beliefs. Larger firms need to reserve more time to follow GDPR than smaller ones. In particular, firms must consider which role they fulfill under GDPR. As a data controller or data processor.”

“A data controller decides how to use data and for what purpose. A data processor processes (adapts, records, holds, or obtains) personal data. Initially, it takes less time to prepare for GDPR for firms that act as processors. They only process data on behalf of the controller. However, the controller’s responsibility involves overseeing personal data. Both the processor and the controller share responsibility regarding how the data were processed.“

And to read more from Hughes, click the image:

In a recent infographic, Statista showed the readiness of firms. Dyfed Loesche says that:

“HubSpot asked 363 C-level executives in UK, Ireland, Germany, Austria, and Switzerland the activities they were doing to prepare for GDPR. In response, 44 percent said updating contracts and data protection policies. However, 22 percent ticked ‘none of the above.’ Of course, some CEOs risk a rude awakening. Why? Because the EU threatens heavy fines for those who don’t comply.”

 

MailChimp’s GDPR Tools

Early on, MailChimp (a leader in automated E-mails), recognized the challenges presented GDPR. As a result, it offers free tools for its clients — including those with free accounts — to aid them with compliance. As MailChimp says:

“The launch of ours new tools for GDPR compliance will make your life much easier when dealing with individuals or businesses in Europe. The GDPR rules apply to organizations based in the European Union as well as businesses that have customers and contacts there. MailChimp wants to simplify the process of getting ready for GDPR with easy to use tools to ensure you will be compliant with the new requirements. For small businesses communicating with individual customers or other organizations in the EU, it’s necessary to start taking steps to comply, if you haven’t already. As MailChimp sees it, the efforts it takes to comply with GDPR can also benefit you and your small business.”

Click the image to learn more about MailChimp’s GDPR tools.