Press Release

Despite Impending Deadline, Most Organizations Remain Unprepared to Comply With GDPR

Poll finds 90 percent without necessary controls in place

CHICAGO (April 24, 2018) – A flash poll conducted by Baker Tilly Virchow Krause, LLP (Baker Tilly) indicates 90 percent of organizations do not have the necessary controls in place to be compliant with the General Data Protection Regulation’s (GDPR) impending enforcement date, May 25, 2018.

“With recent significant data breaches, concerns around personal data access at Facebook/Cambridge Analytica and the coming enforcement date of GDPR, privacy concerns are heightened,” David Ross, partner with Baker Tilly’s cybersecurity and privacy practice, said. “Leading organizations need to implement proactive, risk-based monitoring and compliance measures as part of a comprehensive cybersecurity and privacy program.”

Significant GDPR noncompliance penalties

Enacted by the European Union (EU), the GDPR governs the collection, processing, use and storage of personal data originating in the EU. Organizations, including U.S. organizations, could face significant impacts, including fines of up to four percent of annual global revenue or €20 million (whichever is greater) and material and non-material damages such as financial loss and damage to reputation.

“Having well-documented privacy policies and procedures coupled with a documented privacy program overall demonstrates the organization is actively engaged in ensuring compliance in case of GDPR oversight review,” Mike Vanderbilt, director with Baker Tilly’s cybersecurity and privacy practice, said.

Baker Tilly recently held an educational webinar, “GDPR: Is your organization ready?” to help organizations understand the GDPR and prepare for the enforcement, ongoing monitoring and compliance.

The webinar presenters discussed:

  • Potential data pools and systems affected by GDPR
  • The impact of the data subject rights and other requirements defined by GDPR and how they apply to organizations
  • How an organization’s current cybersecurity and privacy programs can support its ability to address GDPR’s requirements

Presentation slides and a recording of the webinar are available at A GDPR overview infographic can be found at

About Baker Tilly US, LLP (

Baker Tilly US, LLP (Baker Tilly) is a leading advisory, tax and assurance firm whose specialized professionals guide clients through an ever-changing business world, helping them win now and anticipate tomorrow. Headquartered in Chicago, Baker Tilly, and its affiliated entities, have operations in North America, South America, Europe, Asia and Australia. Baker Tilly is an independent member of Baker Tilly International, a worldwide network of independent accounting and business advisory firms in 145 territories, with 34,700 professionals. The combined worldwide revenue of independent member firms is $3.6 billion. Visit or join the conversation on LinkedIn, Facebook and Twitter.