Working NOW to Get Ready for the May 2018 EU Privacy Regime Change


It’s almost one month into 2017 and some people are already planning their summer and fall 2017 vacations. But, companies, attorneys and privacy compliance specialists are already setting their sights on May 2018. 

In a recent PwC survey of 200 executives and general counsel of U.S. companies with more than 500 employees, approximately 92 percent of respondents said that preparing for the upcoming European Union General Data Protection Regulation (GDPR) is the top priority on their data privacy and security agenda for 2017. The GDPR creates a new privacy regime to replace an over 20-year old privacy law that wasn’t keeping up with the digital world.

If a company violates the landmark privacy regulation, it may face fines of up to 4 percent of its worldwide revenue. To avoid the potential mega-fines, it makes sense for companies to plan early, get it right and set aside resources for possible rainy days. 

According to the PwC survey, approximately 77 percent of respondents said that they plan on spending more than $1 million to prepare for the GDPR. In a recent article, a GDPR analyst told Bloomberg BNA that companies should be completely prepped to face the GDPR this year. “A tall order, but 2017 is the year to become 100 percent compliant. The first five months of 2018 should be set aside as contingency remediation time for minor glitches, not for major changes,” the analyst said.

The PwC report echoed similar advice. U.S. multinationals that haven’t “taken significant steps to prepare for GDPR are already behind their peers,” it said. “As European regulators in 2017 further clarify how they interpret the GDPR, more American companies are likely to re-evaluate the return-on-investment of their European initiatives,” it said.

To keep up with the constantly evolving world of privacy and security sign up for the Bloomberg BNA Privacy and Security Update.