GDPR went into effect on May 25, 2018, and a year later, it seems clear that data protection and privacy rights are taking center stage on a global scale and are not a strictly European phenomenon. Data and privacy professionals are counting the days until the California Consumer Privacy Act — similar to GDPR in its scope and requirements — comes into effect next year, and similar laws are being drafted in countries like Brazil and India.
The run-up to GDPR’s enforcement date last May was fraught with uncertainty as organizations scrambled to decide how they would adjust their operations to comply with the new regulations. Readiness for GDPR had to be implemented across several departments, creating multiple and unique compliance challenges. Fast forward to May 2019, and organizations are still trying to come to terms with GDPR’s practical impact, and department-specific compliance challenges remain a significant hurdle.
By the end of 2018, and six months after GDPR came into effect, a survey by the International Association Of Privacy Professionals depicted a mixed picture of the status of GDPR compliance. On the one hand, working towards compliance seems easier in practice than it was on paper. Three-quarters of respondents said they had appointed a data protection officer, and three in four claimed they had made changes to products and services for compliance purposes. However, more than half of respondents admitted they were far from achieving compliance, and nearly 20 percent said full compliance might never be achieved.
As far as associations are concerned, GDPR compliance has prompted an overdue reconsideration of data security in their technical infrastructure, management systems, and member data collection and handling procedures.