It’s not just companies outside the EU that are struggling. I find a lot of misconceptions even in in-region organisations. The most annoying is when I see something labelled as ‘GDPR Compliant’. I’ll say it (yet) again: you don’t comply to GDPR, it’s not a set of tick-boxes, you make sure you align to the principles…:
Enterprises across the world are still struggling to comply with the new rules enshrined in the GDPR that came into effect more than a year ago. The regulation had global implications, forcing companies in the US, China and Japan to comply with new, sometimes arcane, rules previously unseen on this scale.
A new study commissioned by international law firm McDermott Will & Emery and conducted by the Ponemon Institute found that almost 50% of respondents experienced at least one personal data breach that was required to be reported under GDPR in the last year.
Companies in both China and Japan had a very high number of respondents who said they were still “not familiar” with large parts of the regulation.