Despite the May 2018 deadline, most companies have not implemented all necessary GDPR changes, according to an IT Governance report.
Six months after the deadline, only 29% of EU-based organizations have fully implemented the EU's General Data Protection Regulation (GDPR), leaving them susceptible to major penalties, according to a Thursday report from IT Governance.
GDPR came into effect on May 25, 2018, and applies to all organizations that handle data from EU residents, regardless of the organization's location or where the data is processed. If an organization fails to comply with GDPR, the maximum penalty is a fine of 4% of its global annual revenue.
Source : https://www.techrepublic.com