Over 250 companies responded to DLA Piper's Global Data Privacy Scorebox (online survey tool) in 2016. The research therefore demonstrates how much companies in the world still have a limited awareness of data protection and how much work there is still to be done in view of May 2018, when the new European regulation GDPR, General Data will enter into force in all respects Protection Regulation, which will apply to companies operating within the EU and to non-EU companies offering goods or services within the Union.
The analysis of the average figure of compliance with all the obligations deriving from the legislation on the protection of personal data at an international level is equal to 38,3%. Larger companies reported higher levels of topic maturity on average than small companies (39% vs. 33,5%)
The international law firm DLA Piper has published a report showing how corporate privacy procedures, globally, have gaps in compliance with increasingly stringent international standards on the subject. Of particular interest is the data that reveals how many companies would not be able to fulfill the obligations deriving from the legislation on the protection of personal data, pursuant to the new European regulation (GDPR, General Data Protection Regulation) which will apply to companies operating within the EU and to non-EU companies offering goods or services within the Union. The UK government has confirmed that the decision to leave the EU will not affect the start of the application of the GDPR.
Although most of the companies interviewed show that they are aware of the upcoming data protection obligations, the level of actions taken to fulfill the obligations and adjust to the new standards has so far been found to be still low. Companies that do not comply with the GDPR from next May 2018 could be subject to fines equal to 4% of their annual global turnover.
The research therefore demonstrates how much companies in the world still have a limited awareness of data protection and how much work there is still to be done in view of May 2018, when the new European regulation GDPR, General Data will enter into force in all respects Protection Regulation, which will apply to companies operating within the EU and to non-EU companies offering goods or services within the Union.
Patrick Van Eecke, Partner and Global Co-Chair of DLA Piper's Data Protection practice, said: “The responses highlight how many companies have yet to commit to defining and enforcing data protection practices. In particular, those operating in Europe will have to improve their score to avoid the potentially substantial fines foreseen since May 2018 by the GDPR as well as the serious reputational damages, also given the growing awareness of individuals on data protection rights. With an increasing number of companies that will value the use of data in their activities, the protection of these and privacy will be a topic that will acquire ever greater importance: it is therefore essential that companies invest now in strategies and procedures aimed at meet legal obligations".
Jim Halpert, US Co-Chair of DLA Piper's global Data Protection practice warns, “Privacy requirements, such as privacy by design, the right to data portability, and practices that document detailed data processing operations are becoming increasingly complex, therefore compliance requires a significant commitment in terms of concrete actions and time. In this sense, the results are not surprising. Despite this, the commitment to compliance is already required this year, not next”. Adds Giangiacomo Olivi, Partner and group manager
Intellectual Property & Technology by DLA Piper: “Companies are starting to understand the importance of protecting personal data as a tool to differentiate themselves from the competition. In order to seize the opportunities deriving from technologies and the increasingly massive availability of data, a change of mentality of many companies and a new approach in legal compliance will be necessary".
