GDPR Extensions: Are They Available?
The GDPR deadline has arrived (or rather, it will arrive within the next 48 hours or so—too soon for an unprepared company to enact a miraculous turnaround), and despite the long runway leading up to this historical week, a large number of companies and organizations are deemed unlikely to cross the finish line. According to a recent report by Solix Technologies, about 65% of surveyed companies are not confident that their data management systems and protocols meet these new legal standards for privacy and security.
So if your company falls into this category, you’re not alone…but you may still be subject to the penalties associated with gaps and compliance failures: 4% of gross revenues or 20 million Euros, whichever is higher.
Many of the businesses that lack confidence in their readiness are either 1) confused about the path forward and still held back by questions about the nature of the law, or 2) financially unable to make the necessary changes. Some are struggling to gain explicit data-related consent from unresponsive customers.
Smaller companies are wondering what the future holds as they stand at an impasse, not knowing how to become compliant (How do we obtain customer consent before deleting no-longer-relevant data? How do we establish an audit trail to make sure private data is protected at each stage of the lifecycle? How can we track and account for every byte of personal data that enters our system? How can we afford these changes and upgrades? etc) and in many cases, not even knowing if the law does or does not cover them.
All of these questions are giving way to one large, overarching question: Once the deadline arrives, will options be available for extension or appeal?
Elizabeth Denham, the UK Information Commissioner at the ICO, and small business ministers through the European Union are fielding a host of requests to make such extensions and options available. So far, no single universal channel exists by which hard-pressed small businesses can describe their situations and make their appeals. But at some point, such channels may become available. This will probably take place when and if large numbers of cash-strapped small companies face insupportable fines and penalties.
So far in the US, most large companies are on track to successful compliance. But many smaller businesses still have questions and are still searching for resolutions and alternative options. If your not-yet-compliant enterprise involves a customer percentage or client base within the EU, and you feel your business won’t survive without these customers, now is the perfect time to reach out for answers and support. Our team can review the nature of your business model and help you identify compliance gaps and next steps—Including any extension or appeal options that become available over the next few weeks and months.