According to a study by Data Legal Drive, in partnership with Dalloz, Éditions Législatives, AFJE and DS Avocats, many took advantage of the confinement to improve their compliance with the European text.
During the confinement period, we mainly mentioned the “degraded mode” and the various technical and human constraints. But if we are to believe this study, carried out on April 16 to May 17, 2020, with data protection officers (DPOs) and lawyers, this period was used to strengthen its compliance.
40% of the 209 respondents to this survey indeed used confinement to deal with “the substantive subjects of GDPR compliance in their business” and more particularly, for half of the respondents, to update the register of treatments.
In terms of safety, according to the authors of the study, confinement made it possible “to overhaul processes deemed essential because of the telework situation”. Thus, a third of the respondents estimated that confinement had made it possible to speed up the securing of businesses.
Still on the subject of the protection of personal data, a third of respondents said that they did not need to modify the security processes: they would ensure the confidentiality of this information.
The other organizations, also a third party, have not started anything when the situation requires a reworking of the processes, better control of access to data …
“The context of the health crisis has placed the protection of personal data in the second rank and more generally the data security aspect. Work resources have been deployed without the advice of the CIOs and the DPO, endangering the security of infrastructure and data while the context requires extreme vigilance. “Explains a professional who responded to this survey.
Human being an essential link in this compliance with the GDPR, 30% of companies have set up specific training. Again, another 30% said it was not a priority during this period. Finally, 40% of respondents should launch such training in the coming weeks.
Finally, in terms of website compliance, confinement allowed half of the respondents and controllers to focus on this “showcase” of GDPR compliance.Source: Data Legal Drive