The 25th May 2018 is a date that should resonate with large enterprises just as much as 1st Jan 2000 (Y2K) did seventeen years ago. Back then, with the new millennium fast approaching, companies scrambled to get their mainframe applications updated to handle a new date format. There was a level of panic in IT departments, and as far as compelling events are concerned, it didn’t get more acute. Next May, GDPR is fully implemented and compliance is expected. And yet, there is seemingly not quite the same level of panic. Whilst panic is not what we want to see, there should definitely be concern. All EU businesses, and any international companies that hold data on EU individuals and companies, must conform to Regulation (EU) 2016/679, the GDPR directive, by that date, or they will face severe fines and censures. In fact, whilst Y2K actually went off without incident, GDPR is very unlikely to follow that benign path. The penalties would appear to be real and could be many millions of dollars for large enterprises.
Recent PwC research indicates that many organizations are failing in their GDPR preparation and, as Stewart Room, the global lead cyber security and data legal protection services at PwC, says in his report, “If you do not focus on the technology stack over the next seven months, and you are responsible for a GDPR programme, you know where the pain is coming from”.
Many companies have been standing up GDPR projects and, indeed, some large organizations have many hundreds of staff working on GDPR. But little is being achieved, according to PwC. The sense of urgency has yet to permeate them, and there are only a few months to go. Notification of breaches, exposure to third parties, communication to government bodies and remediation obligations are just a few aspects that will need to be reported on to demonstrate GDPR readiness and compliance. Where are these elements defined?
Most organizations have hundreds of thousands of contracts – and they need analyzing for GDPR-relevant clauses. Even if cost is no barrier, there is just not enough time to read and review this volume manually. Third-party service providers like PwC, Accenture, Deloitte and E&Y all have practices focused on delivering support around GDPR but, as Room says, “the biggest risk is that all the third-party service providers that could help have already been snapped up and are working to capacity”.
As Room indicates, the technology stack is critical if companies are going to meet the deadline now. Contract analytics are key to understanding the terms that apply for GDPR compliance in all the contracts. Seal identified the GDPR use case back when the regulation was announced 2 years ago, and several European enterprises have been diligently implementing the technology to that end, together with a number of US organizations with significant EU presence. However, for companies that are still staring into the GDPR headlights and have not put in a framework, there is a fast track solution now available from Apogee Legal called GDPR Insight™. GDPR Insight™ extracts all the GDPR-centric terms and presents them in a user-friendly, easy-to-consume way for senior executives to understand their position with respect to this data protection regulation. This can be implemented in a matter of months and provide a fast track to compliance. It is based on the Seal platform and can be hosted in the cloud or implemented as an on-premise solution. More details can be found here.
GDPR is a regulation that demands respect and action. Seal and Apogee Legal have joined forces to make this happen.
We are running two GDPR webinars this month, on October 20th and October 30th. If you would like to see our solution in action, please register here.