Skip to main content

GDPR compliance after May 2018: A continuing challenge

Companies will need to increase automation and streamline their organization if they are not to be overwhelmed by the challenge of sustaining GDPR compliance over the long term.

With the EU’s General Data Protection Regulation (GDPR) coming into effect on May 25, 2018, businesses are scrambling to put compliance measures in place. However, recent McKinsey research showed that few companies feel fully prepared. As many as half of them expect gaps to remain after the cut-off date, especially in some areas of IT. These companies are resorting to temporary controls and manual processes to ensure compliance until they implement more permanent IT solutions in years to come.

Broader organizational challenges persist too, such as ensuring that data subjects’ rights are protected and respected and that impact assessments, the reporting of breaches, and audit organizations are functioning properly. To meet the imminent deadline, companies are adopting stopgap solutions, often without sufficient time to pressure-test them to see how they perform. Much work remains to be done after the May deadline if businesses are to overcome challenges like these and develop solutions that are sustainable in the long term.