Hear that noise? It is the sound of the General Data Protection Regulation clearing the final legislative hurdle and (nearly) becoming law. Given the four-year process and thousands of amendments it underwent, I imagine that, when the European Parliament passed GDPR at second reading today, it sounded like a champagne cork flying out of the bottle.
This will shortly be followed by another noise - that of tens of thousands of companies rushing to catch up with their new obligations. Research carried out by DataIQ has shown that eight out of ten companies are aware to some extent of the Regulation.
But when it comes to being prepared, the picture is somewhat different - only 6.5 % described themselves as very prepared. That is likely to mean they have already developed a strategy, assembled the leadership team, assigned resources and have a clear timeline for their compliance project. For this small group, meeting the two-year deadline will be no problem.
Four out of ten describe themselves as not very or not at all ready for GDPR - an honest assessment which includes the tacit admission that they will be rushing to meet the deadline. At least this group know they have done nothing and have it all yet to do.
More worrying is the 48 % who describe themselves as somewhat prepared for the arrival of GDPR. There are two ways to view this: positively, in that they may have been holding back from data protection projects until the final form of the Regulation was clear; or negatively, in that they may believe themselves to be more across the issue than they really are. If you have pulled the cork on a bottle of champagne, you are somewhat prepared for a party. But you are only really ready if you have glasses laid out, canapés warming and guests at the door.
There is still time to improve that level of preparation. Having been ratified, GDPR still needs to be translated into all the official languages of the European Union and then published in the Official Journal of the EU. That is when it officially becomes law and the two-year countdown to enforcement begins. June is the most likely month for this to happen.
But it is not safe to assume this is a reasonable timescale. For one thing, there will be considerable resource constraints as everybody tries to achieve the same goals, from hiring a Data Protection Officer to getting ICO sign-off on big data initiatives. For another, changing business processes and corporate culture (if required) takes a lot longer than you might expect. Chances are, once you do get started, you might need that drink.