When I attended some conferences in the early spring, the European Union General Data Protection Regulation (GDPR) was the main point of conversation and conference sessions. It was bigger than ransomware and IoT security, which were the major talking points of RSA and previous cybersecurity conferences. It made sense that GDPR was taking center stage in the spring. The regulations go into effect May 2018, so these conversations served as a one-year countdown.

But it seems GDPR is back in the news – or on my radar, at least – as multiple organizations have investigated just how prepared companies are for the upcoming regulations. The Equifax breach has really put GDPR in the spotlight. In conversations I had at NEXT 2017, the general consensus was that the Equifax breach, and other big-name events like the SEC and Deloitte incidents, would have been dealt with very differently if GDPR would have begun in May 2017.

Like it or not, most businesses in the United States will have to follow GDPR. That includes small shops with an online store and with customers based in the EU. But new studies show that when May 25, 2018, comes around, a lot of companies, large and small, are going to be unprepared.

A new poll from Waterline Data found that, perhaps unsurprisingly, zero percent of the data professionals surveyed have completed the implementation of a GDPR data compliance process. However, slightly more than half have begun conducting risk assessments in preparation.


Catch the rest of the article here!