The study also revealed that roughly 80% of US organizations are unaware, unprepared, or not concerned about the GDPR.
Worrying statistics for GDPR compliance
- 29% are unaware of the GDPR’s relevance to their organization
- 27% are concerned about the GDPR but have no plan in place
- 23% are not concerned about the GDPR and have no plan in place
- 21% are concerned about the GDPR and have a plan in place
Key changes for US organizations under the GDPR
Every US organization that processes or shares EU residents’ personal data now has just over six months to comply with the Regulation.
With the compliance deadline looming, it’s important to understand what the GDPR is and what your organization must do to comply. The Regulation introduces a number of key changes, including:
- Mandatory appointment of a data protection officer (DPO) for certain organizations
- Rules on what constitutes valid consent
- Restrictions on international data transfers
- Direct legal obligations and responsibilities for data processors
- The introduction of data protection impact assessments (DPIAs)
Organizations found to be in breach of the Regulation could face administrative fines of up to 4% of their annual global turnover or €20 million (US$21.3 million) – whichever is greater.
Clear and comprehensive guidance on the GDPR
It’s important for organizations to understand what they must do to comply, and not to underestimate the length of time it will take to dismantle, rebuild, adjust, or amend their current data protection system.
We recommend that you read November’s book of the month, EU General Data Protection Regulation (GDPR) – An Implementation and Compliance Guide.
This must-have guide covers a wide range of topics, including:
- The Regulation in terms you can understand
- The obligations of data controllers and processors
- Guidance on the DPO role
- What to do with international data transfers
- Data subjects’ rights and consent
- Guidance on DPIAs, including the how, when, and why of conducting one