For 40% of companies, lockdown favored GDPR compliance
GDPR 2 years later: results of the COVID19 & RGPD survey carried out by Data Legal Drive, in partnership with Dalloz, Éditions Législatives, AFJE and DS Avocats [209 respondents, DPOs and lawyers, surveyed from April 16 to May 17, 2020]
Were internal and external DPOs able to use this unusual period of telecommuting to make progress on substantive elements of the GDPR? If so, which ones? Or did lockdown slow everything down? How did companies handle their compliance during lockdown?
Companies took advantage of lockdown to update their GDPR compliance
40% of the DPOs and jurists questioned took advantage of lockdown to deal with the substantive subjects of GDPR compliance for their company, and in particular, for almost half of the respondents, the updating of the famous processing register. One of them says: « The confinement allowed us to have the time and tranquility necessary to move forward on the subject. »
Sylvain Staub, CEO of Data Legal Drive & Partner of DS Avocats: « In the early days of the health crisis, some may have believed that GDPR compliance would be relegated to Greek calendars. In reality, it is of course quite the opposite that happened. The establishment of containment has massively allowed companies to become fully aware of the way to go: massive teleworking requires an advanced HR (re)organization, with questions of social law and privacy, and (re)upgrading of data security processes. »
Telecommuting has strengthened business security
Security is one of the areas in which lockdown made it possible to overhaul processes deemed essential because of the telecommuting situation. For a third of respondents, this situation in fact had the virtue of accelerating that work.
One of them says: « The forced development of telework and remote access to professional tools has accelerated and strengthened the organization’s compliance with the GDPR. »
However, while a third of the respondents stated that they did not need to modify security processes that were already up to date, the last third did nothing, even though a security review might have been needed. One of them says: « The context of the health crisis has put the protection of personal data and, more generally, the data security aspect. Work resources have been deployed without the approval of CIOs and DPOs, jeopardizing the security of infrastructures and data when the context demands extreme vigilance. »
30% of companies offered GDPR training to their employees
As for employee awareness of and training in the GDPR, one of the accountability elements that any company must be able to produce, lockdown enabled an upgrade for 30%. A third did not take advantage of it, believing, no doubt rightly, that it was not the priority of the moment. Almost 40% nevertheless believe they can afford to conduct training in the coming weeks.
One of them says: « All of our employees were trained on the CNIL’s MOOC. The DPO was more available to deal with substantive legal questions. »
Another major GDPR project: bringing websites into compliance
Reportedly, only 1 in 3 websites is 100% GDPR compliant, and this rate has not changed since the study conducted in 2019 by the same partners. However, lockdown reportedly had the salutary effect of enabling more than half of the responding DPOs responsible for this processing to focus again on this essential site, which is a showcase for any business.
The major conclusion...
Overall, the 2020 survey reveals that if the train was at the platform in 2019, it left in 2020! This period of confinement was one of the locomotives of what can be called "the revolution of governance of personal data".
The survey continues! There is still time to participate in our great survey and give your opinion ...