Gartner predicts that half of all companies that fall under the European Union General Data Protection Regulation (GDPR) will not be compliant by the May 25, 2018 deadline—and they say it won’t be long before we see our first multimillion euro fines start coming. Fortunately, the analysts at Gartner have a handy report to shed some light on the gray areas that abound throughout the GDPR: Gartner GDPR Clarity: 19 Frequently Asked Questions Answered. As a preview, we’ve worked up a few FAQs of our own.
1. Wait, does my organization need to comply with the GDPR?
We covered all the GDPR basics here. The short answer is: most likely. But according to a December 2017 survey, about one in four companies were still unaware of their GDPR compliance requirements. Moreover, many data security experts believe the GDPR is a sign of the direction data privacy and protection laws are headed, predicting that similar U.S. legislation isn’t far behind.
2. What are the criteria for GDPR compliance?
It’s vague. The regulation centers on the concept of “reasonable personal data protection,” but does not strictly define “reasonable.” Navigating these gray areas has proven costly for many companies. According to a PricewaterhouseCoopers survey, almost 70 percent of U.S. companies expect to spend between $1 million and $10 million to meet GDPR requirements, and one in 10 expect to spend more than $10 million. Nevertheless, Gartner warns that many of them aren’t doing the right things—and half won’t be compliant by the May deadline.
3. What are GDPR compliance best practices?
There aren’t many, yet. That’s why the Gartner FAQ is so useful. Gartner addresses the key GDPR compliance issues it is hearing about from data security and risk management leaders, such as:
- The difference between a data controller and data processor
- Definition of “data processing”—and how to do it properly
- Gaining—and proving—subject consent
- How to build/amend your privacy notice
- The formalized role of Data Protection Officer (DPO)
- How to respond in the event of a data breach
- Strategies for optimizing compliance and mitigating risk
- Data geolocation and cross-border data transfers
- The cloud and GDPR
- Mobile devices and GDPR
4. Should I read the Gartner report?
ACCESS THE GARTNER REPORT: GDPR Clarity: 19 Frequently Asked Questions Answered.