GDPR research by The Legal 500
The new General Data Protection Regulation (GDPR) became applicable on 25 May 2018, marking a new era for the digital economy. In preparation, KPMG’s Global Legal Services commissioned The Legal 500 to survey 448 legal counsel to find out how legal teams are tackling the hurdles and developing best practice. The guide delves into the data to explore the challenges, preparation considerations, systems and processes and risks which revolve around GDPR. Here is a summary of a few key points:
- Difficulty determining responsibility as GDPR affects all parts of an organization (see pages 4-5 on key challenges)
- Legal are central to preparation efforts but success largely depends on the work of other departments
- GDPR demands organizations have an understanding and control over all their IT systems and processes – difficult with legacy architecture and systems
- Few organizations have sought to understand the risks arising from third party suppliers and commercial partners. Only 10% have made contact to check third-party compliance with GDPR