The European General Data Protection Regulation (GDPR) will come into force in six months, but the online Data Privacy Scorebox tool developed by international law firm DLA Piper suggests that less than a third of organizations are prepared to comply with the new law.
The GDPR applies to data processing carried out by organizations operating within the European Union and those outside the EU that offer goods or services to individuals in the EU. The law governs companies' use and storage of data, and details customers' rights.
"For the over 200 organizations responding to DLA Piper's Data Privacy Scorebox online survey tool since the start of the year," reports DLA Piper, "the average alignment score--the average score given to each organization for their preparedness based on their responses to the Scorebox questionnaire--with all key international data privacy principles was 31.5%, as against a 38.3% average score for respondents in the 2016 calendar year."
Scott Thiel, DLA Piper's Intellectual Property and Technology partner in Hong Kong, urged organizations in Asia "to act quickly to prepare themselves in time." Under the GDPR, the EU regulator can impose fines of up to 20 million euros or 4% of group worldwide turnover, whichever is greater. The penalties can be imposed on both the controller and processor of the data.
Complying with data protection laws is not easy, warns DLA Piper. Companies need to take into account not only regional, national and sector-specific measures, but also opinions and guidelines issued by regulators.
The good news is that the laws and regulations are generally based on the same key principles, so those organizations that are in alignment with the GDPR will be ahead of the game as other jurisdictions, including those in Asia, enact their own data privacy regulations.