GDPR fines could hit 50% of US organizations

A recent study has revealed that 50% of organizations affected by the EU General Data Protection Regulation (GDPR) will not be in full compliance by the end of 2018.

The study also revealed that roughly 80% of US organizations are unaware, unprepared, or not concerned about the GDPR.

Worrying statistics for GDPR compliance

Key findings:

  • 29% are unaware of the GDPR’s relevance to their organization
  • 27% are concerned about the GDPR but have no plan in place
  • 23% are not concerned about the GDPR and have no plan in place
  • 21% are concerned about the GDPR and have a plan in place

Key changes for US organizations under the GDPR

Every US organization that processes or shares EU residents’ personal data now has just over six months to comply with the Regulation.

With the compliance deadline looming, it’s important to understand what the GDPR is and what your organization must do to comply. The Regulation introduces a number of key changes, including:

  • The appointment of a data protection officer (DPO) will be mandatory for certain organizations
  • Rules around valid consent
  • Restrictions on international data transfers
  • Data processors will have direct legal obligations and responsibilities
  • The introduction of data protection impact assessments (DPIAs)

Organizations found to be in breach of the Regulation could face administrative fines of up to 4% of their annual global turnover or €20 million (US$21.3 million) – whichever is greater.

Clear and comprehensive guidance on the GDPR

It’s important for organizations to understand what they must do to comply, and not to underestimate the length of time it will take to dismantle, rebuild, adjust, or amend their current data protection system.

We recommend that you read November’s book of the month, EU General Data Protection Regulation (GDPR) – An Implementation and Compliance Guide.

“Its practical approach to various aspects of the GDPR will be of value to DP practitioners in organizations of all sizes.”

Laura Linkomies, Privacy Laws and Business Report, September, 2017

This must-have guide covers a wide range of topics, including:

  • The Regulation in terms you can understand
  • The obligations of data controllers and processors
  • Guidance on the DPO role
  • What to do with international data transfers
  • Data subjects’ rights and consent
  • Guidance on DPIAs, including the how, when, and why of conducting one
