There are now just 10 days left until data compliance enters an unprecedented era.
The long-awaited implementation of the European Union’s General Data Protection Regulation (GDPR) will place a strict set of data privacy and security requirements on every company, wherever in the world it is based, that handles the personal data of individuals in the EU.
Investment firms aren’t ready.
More than half of investment firms aren’t likely to be prepared for the 25 May deadline, according to a new study by Cordium, a governance, risk, and compliance services provider, and AmberGate, a data-protection consultancy.
The clock is ticking for firms to shore up their compliance programmes ahead of the new legislation, yet only 2% of firms included in the survey said they had finished putting their GDPR policies into place.
“Companies that have not yet started their GDPR program – or those still at the early stages – expose themselves to significant compliance and reputational risk,” says Michael Corcione, managing director, cybersecurity and data protection consulting services at Cordium. “Lack of readiness is due to a failure by firms to understand their exposure to the regulation, as well as MiFID II’s earlier deadline, leaving GDPR to fall down the priority list. With just a four-week window, firms should be practicing these procedures, not defining them.”
Exercise of data rights was the most-feared aspect of GDPR, according to firms in the study. A whopping 64% felt unprepared to respond to such requests. The 72-hour window for notifying the supervisory authority of a personal data breach also drew significant anxiety, with only 59% saying they were prepared to meet the time limit.
“The lack of GDPR preparedness in the industry is concerning, particularly given the risk of regulatory action and the potential impact to a firm’s reputation,” says Robert Baugh, founder and CEO, AmberGate. “Many firms will now need to divert significant resources and time to the project – there is clearly still much to do across most organisations. Firms will face growing pressure from an internal governance perspective, from investors, and from regulators likely to take an increasingly firm stance on the issue.”
Severe punishments for violating new cyber compliance rules