Time is counting down to the GDPR enforcement date - 25 May 2018. As of today, organizations worldwide have around 8 months to be fully compliant with the European General Data Protection Regulation.
This is what industry leaders are saying about the impending regulation:
Elizabeth Denham, UK Information Commissioner at the ICO in Cheshire
“When it comes to data protection, small businesses tend to be less well prepared. They have less to invest in getting it right. They don’t have compliance teams or data protection officers. But small organisations often process a lot of personal data, and the reputation and liability risks are just as real.”
Mike Palmer, Executive Vice President and CPO at Veritas
“There is just over a year to go before GDPR comes into force, yet the ‘out of sight, out of mind’ mentality still exists in organizations around the world. It doesn’t matter if you’re based in the EU or not, if your organization does business in the region, the regulation applies to you,” said Palmer. “A sensible next step would be to seek an advisory service that can check the level of readiness and build a strategy that ensures compliance. A failure to react now puts jobs, brand reputation and the livelihood of businesses in jeopardy.”
Trevor Hughes, President and CEO of the International Association of Privacy Professionals
"I think that we see some significant concerns in the years ahead with regards to European adequacy in data transfers to the United States. The case currently going through in Dublin certainly portends trouble ahead and the first Schrems case that went through the Safe Harbor case, if that's any indication I think that we will continue to see challenges to those data transfer mechanisms.
We will continue to see criticism of US data practices, particularly around intelligence community gathering of data in the private and public sectors, we'll continue to see those things. At the same time, however, the massive value and utility of those data flows between Europe and the United States at some point needs to become part of that policy consideration. At some point, those jurisdictions are going to step back and say, “We're part of the information economy now, and the data transfers between Europe and the United States are so incredibly important we simply cannot abide by not allowing these data transfers to occur.”"
Dave Allen, Senior Vice President & General Counsel at Dyn
"As the EU General Data Protection Regulation (GDPR) comes into effect, businesses will need to take a hard look at their current methods of sharing and storing data. While some Internet companies have begun to address new challenges at the fixed locations where data is stored – this alone will not necessarily be enough to ensure compliance.
Those companies focusing solely on data residency may well fall victim to a false sense of confidence that sufficient steps have been taken to address these myriad regulations outlined in the GDPR. As the GDPR will hold businesses accountable for their data practices, businesses must recognise that the actual paths data travels are also a key factor to consider. In many ways, the constraints which come with the cross-border routing of data across several sovereign states mean these paths pose a more complex problem to solve.
Although no silver bullet exists for compliance with the emerging regulations which govern data flows, businesses which rely on the global Internet to serve their customers should be seriously considering visibility into routing paths along both the open Internet and private networks. As we enter an era of emerging geographic restrictions, businesses with access to traffic patterns in real time, in addition to geo-location information, will find themselves in a much stronger position to tackle the challenges posed by the GDPR."