GDPR, i.e. the General Data Protection Regulation, which came into effect on May 25, 2018 with the aim of protecting the personal and sensitive data of the residents of the European Union, is still a challenge in many arenas. The concerns and challenges are in the wake of very few companies being completely HIPAA compliant.
Some companies still feel that they are not prepared for GDPR and therefore still use temporary measures and controls until a better, permanent control is implemented. Other than these basic concerns, a wide sphere of concerns also needs attention.
Organizations face difficulty in protecting data subjects and ensuring that breaches of security are reported. They still have numerous loopholes to close and need to implement measures that are long-lasting and impenetrable.
Let’s have a look at some of the reasons that worry organizations and pose concerns with respect to GDPR compliance:
- The newness of the law: Organizations still have a long way to go in adapting themselves to the new guidelines and framework of GDPR, which requires them not just to conform, but also to maintain, report, formulate, adopt, visit and revisit certain policies that uphold the privacy of the data, without any breach of security.
- The Specifications: The new requirements and policies focus on specific procedures pertaining to the safeguarding of data. They help structure and formalize new measures, making the existing policies more efficient and adopting new ones. They work to maintain, report and notify new policies and measures, and demand remedial actions as required.
- The Fines Imposed: Non-compliance with the GDPR can often come with a heavy price. The regulators can authorize actions in any of the following ways:
  - By issuing a warning or imposing a temporary ban on processing the data.
  - By imposing a hefty fine. The fine varies from case to case.
  - The action could be both of the above, again depending on the gravity of the case.
- Ambiguous Demands: The uncertainty and the absence of a fixed level of protection for personal data add to the concerns, as regulators can employ flexibility in assessing fines for breaches of data protection norms.