2 years after the GDPR: discover the results of the major COVID19 & RGPD survey carried out by Data Legal Drive and 5 major partners

Have internal and external DPOs been able to take advantage of this particular moment of telecommuting to advance on substantive elements of the GDPR? If yes, which ones? Or has containment slowed everything down? What was the behavior of companies during containment regarding their compliance?

Find out in the results, presented in the form of a live infographic, of the study conducted in partnership with Dalloz, Éditions Législatives, AFJE and DS Avocats with 216 respondents from April 16 to May 22, 2020, DPO and lawyers, as well as through its analysis below

In the early days of the health crisis, some people might have thought that GDPR compliance would be relegated to Greek calendars. In reality, it’s of course the complete opposite that has happened. The implementation of containment has massively enabled companies to become fully aware of the way to go: massive telecommuting requires an advanced HR (re) organization, with questions of social law and privacy, and a (re) update. level of data security processes.

Sylvain Staub, CEO of Data Legal Drive & partner of DS Avocats

Consult the live infographic of the results thanks to our interactive datvisualization

Companies took advantage of containment to update their GDPR compliance

40% of DPOs and jurists questioned took advantage of confinement to deal with the substantive subjects of GDPR compliance for their company, and in particular, for almost half of the respondents, the updating of the famous processing register.

One of them says:

“The confinement has given us the time and tranquility to move forward on the subject.”

Telecommuting has strengthened business security


Security measures - Extract from the study's datavisualisation - ©Pocket Result

In terms of security, this is one of the factors for which containment has made it possible to overhaul processes deemed essential due to the telecommuting situation. This situation has, in fact, the virtue of accelerating this aspect for a third of respondents.

One of them says:

“The forced development of telecommuting and remote access to professional tools has accelerated and strengthened the organization’s compliance with the GDPR.

However, if a third of the respondents stated that they didn’t need to modify the security processes already up to date, the last third did nothing, when there might have been a need to conduct a security review.

One of them says:

“The context of the health crisis has placed the protection of personal data and more generally the data security aspect. Work resources have been deployed without the approval of the CIOs and the DPO, endangering the security of infrastructure and data while the context requires extreme vigilance. “

30% of companies offered GDPR training to their employees

Collaborators formation - Extract from the study's datavisualisation - ©Pocket Result

Concerning the awareness and training of employees in the GDPR, one of the elements of Accountability that any company must be able to produce, confinement enabled an upgrade for 30%. A third didn’t take advantage of it, believing, certainly rightly, that it was not the priority of the moment. Almost 40% nevertheless believe they can afford to conduct training in the coming weeks.

One of them says:

“All of our employees were trained on the CNIL Mooc. The DPO has been more available to deal with substantive legal issues.

Find the study press release

Another major GDPR project: the compliance of websites

Website compliance - Extract from the study's datavisualisation - ©Pocket Result

Only 1 on 3 websites would be 100% compliant with the GDPR, and this rate hasn’t changed since the study conducted in 2019 by the same partners.

However, confinement would – in a salutary manner – have enabled more than half of the DPOs responding and responsible for this treatment to focus again on this essential site which is a showcase for any business.

The major conclusion …

Overall, the 2020 study reveals that if the train was at the platform in 2019, it left in 2020!

This period of confinement was one of the locomotives of what can be called “the revolution of governance of personal data“.

Editions LégislativesDallozAFJEDS AvocatsPocket Result