Many of the UK's largest companies have still failed to fully grasp the importance of complying with the upcoming GDPR legislation, a new report has revealed.
A survey of security chiefs at FTSE 350 and Fortune 500 companies by international law firm Paul Hastings has found that over half of companies across the UK and US will not be ready for the new regulations by the May 25th deadline.
The study, which surveyed general counsel and chief security officers, found that only 43 per cent of companies are setting up an internal GDPR taskforce (39 per cent in the UK, 47 per cent in the US). A third say they are hiring a third-party to conduct a GDPR gap analysis (33 per cent across both locations) and only one in three is hiring a third-party consultant or counsel to assist with compliance (33 per cent in the UK, 37 per cent in the US).
This was despite the vast majority of the companies surveyed claiming that they were "on track" with their GDPR compliance, with 98 per cent of Fortune companies making this claim, along with 94 per cent of the FTSE 350 representatives.
“Achieving GDPR compliance is an enormous task – one that in our experience almost inevitably requires dedicated resources and budget," said Behnam Dayanim, partner and global co-chair of the privacy and cybersecurity practice at Paul Hastings. "Against that backdrop, the confidence among major corporations revealed in our survey seems mismatched with those same businesses’ reports of their implementation efforts."
“With so few companies undertaking key compliance measures to date, it will be a race to the finish line for those needing to meet the terms of this wide-reaching regulation. This unfortunately seems to be setting up a scenario for multiple investigations and enforcement activities once the implementation date arrives.”