May 25 is just the beginning of the GDPR story, says IAPP

The International Association of Privacy Professionals (IAPP) have urged numerous organisations dealing with data about people in Europe to continue their efforts to adapt to the new standard and to train their staff way beyond May 25

As the General Data Protection Regulation (GDPR) finally enters into force today, many public and private organisations are still preparing for this massive change to the data protection landscape with far-reaching implications.

“Ready or not, the GDPR is here. It’s a revolution in the way companies and other organisations manage personal data in their daily work. To address the risks and challenges posed by the GDPR, we all must be smart about data protection,” said Trevor Hughes, President and CEO of the International Association of Privacy Professionals.

“We have to ensure that our staff is trained to fully understand the consequences of this new regulation. This will be an ongoing process.”

The GDPR marks a tectonic shift in Europe’s data protection framework, with profound implications for businesses outside of Europe dealing with data about people in Europe or operating European establishments and data centres. Although the GDPR deadline has been known for two years, according to an IAPP report, only 40% of the organisations concerned by the GDPR expect to be fully compliant by 25 May.

Moreover, Vera Jourova, the European Commissioner for Justice, recently warned that at least eight EU countries will not be ready to completely implement the new data protection law in due time.