GDPR is not a new regulation that has suddenly come upon us from high. It has been well-documented and discussed and the May 25 deadline should not really surprise anyone. Therefore, it is very surprising to find that 40% of companies won't make that deadline and 8% did not know when (or surely if) they will make compliance.

Regardless of people's state of preparedness, time ticks on and the regulation will come into effect on May 25. What happens next is something that will occupy many people's minds. Are the 52% truly compliant? Can they respond effectively to a Subject Access Request or a data breach? What will happen to the 40% or even the 8%? How will regulators react and respond? Whose door will they be knocking on?

Time will obviously reveal all, but a practical view of the world leads us to believe that the regulator will not be taking action unless something is brought to their attention (by whatever means). Therefore, companies need to be ready to respond to Subject Access Requests and data breaches as failure to do so clearly opens a path to the regulator's door.

So regardless of where a company falls in the survey's findings, being ready to respond to either of these events is something that should be a critical consideration as May 25 gets closer and closer...