TACTQ Insights

Since its approval on 14th April 2016, General Data Protection Regulation (GDPR) has been causing anxiety and dread amongst IT compliance, data protection and security professionals. With a threatening deadline of 25th May 2018, GDPR has served as a catalyst for millions of dollars of investment.

What exactly is GDPR? The GDPR is a set of requirements set forth by the EU Parliament in order to ensure consistent privacy laws protecting the personal data of EU residents. Personal data refers to any information related to a natural person or ‘Data Subject’ that can be used directly or indirectly to identify a person. A name or photo or bank account number or email address or even the computer’s IP address. GDPR is here to protect against all these privacy and data breaches, due to the increasing number of cyber criminals and hackers.


GDPR lay out a long list of requirements for compliance. The articles having the most impact involve the hiring of high-level data management professionals, cross-border data transfers, vendor management and the manipulation of data to become neither anonymous, nor identifiable (which is called Pseudonymization).

In a recent research conducted to determine how the companies are being affected by the regulation. They reached out to a variety of IT professionals in U.S, Canada and the UK. According to the data collected, participants affected by the GDPR include organizations headquartered in the EU (24%), organizations with locations in the EU (26%), and organizations doing business with companies in the EU (29%). Confirming that organizations in the EU are certainly not the only ones being affected by the regulation.

Participants were asked which key areas still require investment for their organizations to become compliant in 2018. And their response?

Processes for Pseudonymization of personal data (29%)
Processes for testing, assessing, and evaluating data security (36%)
Creating positions for Controllers and Processors of data (19%)

To hire a Data Protection Officer is another key requirement that was put forward in the regulation. A Data Protection Officer has to look into all the matters related to the data protection strategy and most importantly, make sure that the implementation of the processes- to ensure that the compliance is met. Research shows that there are still 21% of organizations that need to hire a Data Protection Officer, and that too before the deadline in 2018.

One of the greatest impact is, of course, the restrictions related to transfer of data to countries outside the EU. Any country that receives data from EU has to have adequate data security measures. Because of this regulation, 32% of the companies would have to change their data transfer processes, and this is a huge number! Nearly 40% of Businesses Affected by the General Data Protection Regulation (GDPR) Aren’t Compliant