In the year since it went into effect, the European Union's General Data Protection Regulation (GDPR) has heightened awareness of data privacy issues and driven some important changes in how US companies handle consumer data. However, most organizations appear to be a long way off from implementing GDPR's core requirement for a privacy-by-design model for data protection, security experts say.
"As we wrap the first year of GDPR, most businesses progressed on accountability," says Jean-Michel Franco, a GDPR and data privacy specialist at Talend.
Many organizations have set up or refreshed their legal framework for data privacy, improved defenses against data breaches, and begun managing user consent more rigorously.
"But significant gaps toward compliance are generally still to be addressed," ..