Some Companies Taking ‘Wait and See’ Approach with EU Privacy Law GDPR

Some Companies Taking ‘Wait and See’ Approach with EU Privacy Law GDPR

The EU’s General Data Protection Regulation (GDPR) is set to go into effect May 25, and recent surveys have shown varying levels of preparedness for companies in Europe and out. The law applies to companies that control or process EU residents’ data, and many businesses are scrambling toward compliance.

About 33 percent of companies required to comply with the GDPR know how they will meet a requirement to notify supervisory authorities within 72 hours of learning about a data breach, according to a May 2018 study of in-house counsel around the globe by the Association of Corporate Counsel Foundation. Thirty-eight percent of respondents said their company has not yet decided how to meet the breach requirement, and 29 percent aren’t sure if their company has determined this.

Similarly, on an incoming rule about individuals’ requests for companies to delete their data — popularly known as a right to be forgotten — 34 percent of in-house counsel said their company has established a process for complying. About 40 percent said their company has not created a process for responding to these customer requests, and 26 percent don’t know, according to the ACC Foundation report.

Source: Sara Merken | Big Law Business