Only 34.5 % of the approximately 500 professionals responsible for compliance to the European Union (EU) General Data Protection Regulation (GDPR) report maintaining practices that are in keeping with the regulation, a recent Deloitte poll.

According to the poll, one-third of respondents (32.7 %) hope to be compliant within 2018. And, 11.7% plan to take a “wait and see” approach amid uncertainty over how EU regulators in various countries will enforce the new regulation.

“The fact that the GDPR effective date has come and gone,” (it became law in May 2018), “and many are still scrambling to demonstrate a defensible position on GDPR compliance reflects the complexity and challenges as the world of privacy rapidly changes,” said Rich Vestuto, a Deloitte Risk and Financial Advisory managing director in discovery for Deloitte Transactions and Business Analytics LLP.

There were a number of other serious issues brought to light, including a very low number of professionals feeling that their organizations knew the state of their third-party data access, and the extent to which artificial intelligence was applied to that data.

At issue here is the prevailing culture of cyber-insecurity and privacy de-damned-ism. The poll found that many issues facing organizations on the privacy front may actually be made easier to track in the wake of the GDPR, but the prevailing sense found in those polled out there still seems to be that compliance costs money—much more than fines.