1 in 5 firms see compliance with GDPR as impossible - EY

Most companies are unable to fully satisfy the terms of the EUʼs General Data Protection Regulation (GDPR), and about one-fifth of firms believe that it is impossible to fully comply with the terms, according to research by Big Four professional services firm EY.

EY and the International Association of Privacy Professionals (IAPP) asked 550 privacy professionals internationally for their views on the EUʼs GDPR.

Most (76%) know that the GDPR rules apply to their companies as well. However, one-fifth say that it is simply impossible to satisfy the terms of the GDPR. About 44% believe that their companies fully or almost fully comply with GDPR only a year after it came into effect.

Hungaryʼs National Authority for Data Protection and Freedom of Information (NAIH) said that more than 1,000 investigations in data protection cases were conducted between the GDPRʼs introduction and the end of October 2018, according to NAIH President Attila Péterfalvi. A fine of HUF 1 million has already been handed out to an unnamed company.

"As much as it looks like an impossible mission to fulfill the terms of the regulation, the Union will not stop backing GDPR," says Mihály Zala, head of EY Hungaryʼs cybersecurity branch. "Companies must comply with regulations, in order to avoid fines. It is worth contacting an external company to complete the remaining tasks for those companies who cannot satisfy the terms."

About 79% of companies prepared for compliance through training, 64% appointed data protection officers, and 57% carried out technological developments. A quarter of respondents have already changed suppliers to meet the GDPR requirements, and a further 30% are planning to do so in the future.

"In many cases, companies only cared about the regulation due to the expectations of their partners," observes Zala. "GDPR prescribes strict requirements regarding contacts with data controllers. Those companies who continuously fail to handle the information of their clients properly should not only expect fines, but they may also fall out of well-operating business networks."