Less than half of employers GDPR-compliant - with just weeks to go

15 May 2018

With less than a month to go until the European Union's General Data Protection Regulation (GDPR) comes into effect, many organisations are still scrambling to comply, risking hefty fines in the process.

More than half of the 448 institutions surveyed by KPMG Global Legal Services admitted that they were not yet compliant, with a common Achilles' heel being third-party vendors. Under GDPR, even the commercial suppliers of companies that collect data from customers need to comply - but an overwhelming majority have yet to establish whether members of their supply chain are adhering to the regulations.

Juerg Birri, KPMG's global head of legal services, said: "Surprisingly, many businesses haven’t looked at their supply chain as a potential risk for GDPR compliance. This is particularly challenging for global organisations, with thousands of suppliers, and could be costly if not addressed with the appropriate rigour needed under the GDPR."

According to Infosecurity Magazine, an additional obstacle is that many boards either fail to understand the full impact of the Regulation or do not take it seriously enough. By way of contrast, of those organisations that benefit from board-level support, 69% have already appointed a data protection officer, 55% have documented all of their data processing activities, and nearly half (49%) believe that their employees are either mostly or fully aware of their obligations under GDPR.

Other recent studies report similar findings. Technology industry association CompTIA recently conducted a survey of 400 US companies on their GDPR readiness and found that only 22% have started developing compliance plans. A mere 13% were fully compliant.

Todd Thibodeaux, CompTIA president and chief executive, said: "Confusion about the regulations remains a significant problem for many companies."

Emma Woollacott is a freelance business journalist. Her work has appeared in a wide range of publications, including the Guardian, the Times, Forbes and the BBC.

 
