Companies are failing to prepare adequately for the new EU General Data Protection Regulation (GDPR) coming into effect on 25 May 2018, less than a year from today.

A partner at Crowe Horwarth was quoted in the Financial Times as saying that a recent survey found that over 60% of financial services companies were only just starting to get ready for GDPR, or were still trying to understand the gaps they needed to address. This is a particular concern as long timeframes may be needed to remedy any identified gaps, particularly where legacy IT systems are used. In addition, other companies are viewing the GDPR as a “nuisance”, treating it as a check-box ticking exercise rather than a serious compliance issue.

The GDPR will require companies to adopt much stricter procedures and processes when handling customer data. The maximum fine for non-compliance is 4 percent of the previous year’s annual global turnover, or €20 million, whichever is the greater. In addition, company executives can also face criminal penalties if deemed responsible for data breaches.

Companies must start work immediately on implementing changes required by the GDPR in order to avoid exposure to significant liability. Read more about the GDPR here.

Edwin Tan contributed to this article.