How are organizations tackling the GDPR challenge?
Our new report, GDPR Survey: Benefits beyond compliance, reveals that in spite of a continuous struggle to secure compliance with the GDPR, many organizations are able to derive operational benefits from implementing it. Working with BearingPoint, we surveyed over 100 data privacy specialists across the globe to better understand their compliance journeys. Key insights include:
- Compliance is a chain of responsibilities. GDPR compliance requires a collective effort from the DPO, who can be compared to a project manager, and from the data controller and data processors, who are in charge of personal data processing.
- GDPR compliance is still a work in progress and may always be so. Compliance with the regulation is a continuous journey rather than a goal that can ever be achieved. The essence of this regulation is that companies (or public organizations or associations) are led to implement a dynamic, risk-based data protection framework, which they must adapt to their evolving context and environment.
- While most of the GDPR projects started before 2018, the next priorities identified by respondents relate to GDPR internal procedures. These include preparing and rolling out procedures, reviewing contracts, and reviewing consent and information notices.
- GDPR brings operational benefits. Around three-quarters (71%) of survey respondents stated that they have achieved operational benefits as a result of implementing GDPR compliance. These benefits were realized through the activities necessary to move toward compliance.