Complying with GDPR is still a headache for most organisations
Whilst the number of firms claiming to be compliant with GDPR is steadily increasing, a recent poll by Baker Tilly indicates that nearly 67% of US companies are still not compliant. In addition, more than a third of firms still believe that data privacy is just an IT issue and have not otherwise integrated it into normal working practices and procedures.
David Ross, principal and growth leader of Baker Tilly’s privacy and cybersecurity practices, said:
“Privacy governance is relatively immature with organizations only beginning to incorporate it into their strategy. At its core, privacy is a risk-based issue, not an IT or security problem. A sustainable privacy program requires a multi-disciplinary approach that incorporates governance, compliance and risk management disciplines from senior management, finance, IT, security, HR and other functional areas.”
Mike Vanderbilt, director with Baker Tilly’s privacy practice, added:
“GDPR is becoming the de facto standard for privacy regulations in the USA and across the globe. If an organization is compliant with GDPR, the organization is already approximately 90-95% compliant with the California Consumer Privacy Act. Working toward a sustainable privacy program enables an organization to pivot and adapt as new regulations unfold.”
Baker Tilly recently held a webinar looking at how to prepare for regulatory enforcement, ongoing monitoring and compliance in a data protection and privacy landscape that is still developing.
A recording of the webinar and the accompanying slides are available here.