While we’ve been working through and signed quite a few DPA’s with various services to get Colloq fully GDPR compliant, we’ve also come across some services where I’m a little surprised about their feedback, which in more than one case reads somewhat like this:
Thanks for the response! We currently don't have a DPA in place that we can provide as we're still working on this. We should have this all set and ready by May. If you have any other questions, feel free to ask!
The enforcement of the GDPR goes into effect on May 25th, 2018. That means everyone needs to be compliant by that date and in some cases getting compliant can be quite some work. The issue is that you have to wait for these services to be ready to start thinking about how to handle each and every case and what to do with those services.
The main problem here is timing: While some services take their time to be compliant by the effective date (or whichever date “ready by May” refers to…), only a small amount of companies seem to actually care about their customers and how they also need to meet the deadline…