- For the over 250 organisations responding to DLA Piper's Data Privacy Scorebox online survey tool in the last year, the average alignment score with all key international data privacy principles was 38.3%
- Larger organisations reported on average higher levels of data protection maturity than smaller companies, of 39.% against 33.5%
Global law firm DLA Piper has released a report showing that companies' global privacy programs have gaps in meeting increasingly demanding global privacy principles. Of particular note, it appears that many companies are falling short of data protection obligations under the General Data Protection Regulation (GDPR).
While organisations are for the most part aware of upcoming data protection obligations, levels of maturity to meet the new standards are still low. Companies failing to comply with the GDPR after its implementation in May 2018 could face fines as high as 4% of global annual turnover.
The report, released in advance of International Data Protection Day on January 28th, is based on the over 250 responses to DLA Piper's Data Privacy Scorebox online survey tool, launched in January 2016.
DLA Piper launched the Scorebox in January 2016 to help organisations all over the world to assess their current levels of privacy maturity relative to industry peers. Respondents are asked a number of questions on areas such as storage of data, use of data and customers' rights, and provided with a report based on a percentage score system, and recommendations.
Patrick Van Eecke, Partner and Global Co-Chair of DLA Piper's Data Protection practice, said:
"The responses show that many organisations still have work to do on their data protection procedures. Any organisations operating in Europe will need to see major improvements in their score by May 2018 if they are to avoid potentially heavy financial penalties under the GDPR, not to mention serious reputational damage as people become more and more aware of their rights in this area.
"With more and more organisations putting data at centre stage, data protection will become an increasingly prominent issue. It is vital that organisations invest now in the strategy and processes needed to help them to meet their obligations."
Jim Halpert, the US Co-Chair of DLA Piper's Global Data Protection practice, said:
"As privacy requirements, such as privacy by design, data portability and extensively documenting a privacy program, become more complex, compliance demands significant operational work that takes time. In this sense, the results are not surprising. However, the time to step up compliance efforts is this year, not next."
The European General Data Protection Regulation (GDPR) will apply to processing carried out by organisations operating within the EU and to organisations outside the EU that offer goods or services to individuals in the EU. The UK government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR.