Every year, Data Legal Drive updates its GDPR barometer in partnership with Lefebvre Dalloz and AFJE.
Conducted by more than 300 companies and public bodies, this survey was conducted with data and privacy professionals and elevates the profession of DPOthe highlights of GDPR and data protection at a time of rapid change, shaken by current events…
Accelerating the digitization of GDPR compliance
This year, twice as many companies took the plunge to digitize their registry of personal data processing compared to 2019 when it was just 14%.
The real estate and tourism sectors are lagging behind, as only 13% of the structures in this sector have started digitizing their registry of personal data processing.
The main obstacle to the implementation of the GDPR compliance project is lack of time for 56% of the respondents.
According to Vivien Descamps, communications manager at Maas BT, this is “ a logical obstacle as many professionals juggle between their starting position and that of a data protection officer. »
Therefore, to accelerate their project, most companies rely on internal and external communication to raise awareness and educate different audiences.
The same proportion of responding organizations, 42% to be exact, have the will to demonstrate and explain with pedagogy that ethical data handling does not slow down business affairs.
More than every second company fears a CNIL test
The acceleration of the digitization of the protection of personal data could be explained by the fear of control by the CNIL, which affects almost 53% of companies.
In order to anticipate a possible control, companies are preparing and management is implementing long-term measures.
However, 20% of respondents believe that the Directorate-General validates actions and budgets more easily after a sanction has been imposed by the CNIL…
Cookies: A year later, companies have reacted!
At the forefront of top compliance projects in 2021, nearly 67% of organizations have integrated a CMP into their website this year.
A real awareness that in 2019 only 1 in 3 websites were GDPR compliant.
Since the new CNIL guidelines, companies feel helped and find it easier to obtain Internet users’ consent.
It remains to check that all the CMPs have been configured according to the recommendations of the CNIL…
The urgency in the face of cyber attacks
Since the health crisis, 75% of companies have rated the security level of their website like https protocol, data collection forms, etc.
Beyond this scrutiny, the multiplication of cyber attacks during the Covid period and the resumption of business activity by companies have led to a resilience of companies.
This year twice as many data protection officers and lawyers as in 2020 took concrete action with the implementation of security measures in accordance with Article 32 of the GDPR.
Google Analytics and Compliance: the priority for companies in the coming months
Almost 40% of companies using Google Analytics want to migrate to other analytics solutions that comply with the CNIL recommendations.
However, 25% hope to continue using Google Analytics thanks to a new configuration that respects the GDPR.
According to Vivien Descamps, communications manager at Maas BT, “ Leaving the Google bosom is also an opportunity to review French solutions. »
The new CCTs: Companies encounter difficulties in starting this project
48% of the companies did not start setting up new CCTs after the closure of Schrems 2 due to a lack of knowledge, but also due to a lack of time.
For the 38% who have started, the site is not finished yet as it is a work that takes place over time.
” In addition to the new CCTs, the Schrems 2 judgment adds the need to analyze each data transmission to assess whether it is necessary to add a technical framework to the contractual framework by adding additional security measures. ” notes Thomas Vini Pires, GDPR software consultant at Data Legal Drive.
E-learning: the employee training tool praised by data protection officials
To train employees on GDPR, the majority of companies have scheduled meetings with business departments (62%).
E-learning, hardly used last year, has benefited from a real boom this year, since more than 38% of respondents have entrusted the use of this tool in their structure.
Vocational training and seminars remain at the bottom of the ranking.
According to Thomas Vini Pires, it is a useful and valuable tool for data protection officers who ” Manage employee training progress thanks to monitoring statistics. In the event of an audit, the data protection officers can provide evidence that employees have been made aware and that audit trails are being examined. »