Time may be relative, but most people will agree that whether you’re launching a business or planning a wedding, two years is a lot of notice, and enough time to adequately prepare for most things. Or so it would seem.
But when the General Data Protection Regulations (GDPR) were first announced in April 2016, the European Union gave companies two years to put together a plan. Fast forward to May 2018, when those regulations were officially rolled out, and the majority of companies were and still are failing to comply.
What happened? Why is it that a survey from the first three months following GDPR’s formal enactment shows that 70 percent of companies aren’t compliant? Is it that the regulations are that hard to follow, or is it something else?
To be sure, some companies aren’t yet compliant simply because they ignored the deadline, believe GDPR doesn’t apply to them, or haven’t gotten around to putting their plan into action. But for some the deterrent to GDPR compliance is fear.
Along with new demands for companies with regards to data governance, GDPR introduced a new concept: The right to erasure. This right to be forgotten allows customers to demand their personal data be erased at any time and mandates that companies have 30 days from a customer request to compliance.
But what happens to the system at large when data is erased? How does a company function when one of its largest assets—the data it holds—disappears? Not knowing the answer is terrifying for some. So much so that some companies are capable of complying, but are choosing not to, believing that the fines associated with risking non-compliance are preferable to risking their data.