On November 9, 2016, AvePoint, the Microsoft Cloud expert and also the Center for Information Policy Leadership (CIPL) at Hunton & Johnson, LLP released the first GDPR benchmark report from the results of the joint global survey we had launched in May 2016 concerning business readiness for applying the EU General Data Protection Regulation (GDPR). The GDPR replaces Directive 95/46/EC (the Directive) and can enter into pressure in May 2018.
Laptop computer is built to highlight the numerous changes the GDPR will bring to organizations’ compliance programs in addition to IT systems and infrastructure to assist them to benchmark and get ready for their implementation and transition processes towards GDPR compliance. “We hope this report allows organizations to accelerate their progress toward true operationalization for GDPR readiness,” stated Dana Simberkoff, Chief Compliance and Risk Officer at AvePoint.
Laptop computer responses totalled 223 from predominantly multinational organisations, 93 percent which be employed in Europe, over fifty percent in america, and under half in South Usa and Asia. Telecommunication and technology companies were probably the most highly symbolized respondents, adopted by insurance and financial services companies, in addition to pharmaceutical and healthcare companies. Organisations’ annual revenue size ranged from under $a million to greater than $100 billion.
The GDPR signals the beginning of a brand new generation of information privacy laws and regulations and exercise in Europe and beyond, It’ll bring significant changes to data privacy government bodies, individuals, and organizations. It’ll modify the risk profile of organisations, impact their management, use and discussing of information, in addition to their IT systems and infrastructure.
Our GDPR benchmark report hones in on nine key trends that report to everyday business and compliance concerns, including:
- GDPR Impact: Respondents think that the facets of the GDPR which will possess the largest effect on their organisations would be the needs for any comprehensive privacy management program, use and contracting with processors, in addition to data security and breach notification. Not surprisingly, senior management is most worried about the GDPR’s enhanced sanction regime and also the data breach notification needs, in addition to the way the regulation will impact their data strategy and skill to make use of data.
- GDPR Readiness: Organisations seem to be within the different stages of preparation for that GDPR. Some have hired an information protection officer (DPO), many organizations are generally growing sources when preparing or while thinking about additional sources to satisfy the elevated obligations underneath the GDPR.
- Data Transfers Outdoors the EU: Organizations seem to use a multitude of mechanisms today for bandwith associated with internal human sources (HR), consumers/customers, and vendors. Based on responses, they continuously achieve this following the GDPR is implemented. Typically the most popular mechanisms today are, in climbing down order: Model Contracts, consent and necessity for contracts and Privacy Shield.
- Compliance Technology Tools and Software: Presently, organisations don’t seem to use broadly or get access to technology tools and software to assist with data privacy compliance tasks. Merely a minority of organisations use technology to automate and industrialise their Data Protection Impact Assessments (DPIAs), data classification and tagging policies, information systems inventories, and receiving the new data portability right.
Additional key issues covered within the GDPR benchmark report survey include consent and legit interest, DPIAs and Privacy by Design, the controller-processor relationship, security breach notification and the requirement for an all natural and collaborative method of GDPR implementation between senior management and also the legal, data privacy, information security along with other groups within the organization.
To gain access to the entire GDPR benchmark report, please visit AvePoint’s website.
For additional info on the CIPL, please go to the Centre’s website.