For the over 200 organisations responding to DLA Piper’s Data Privacy Scorebox online survey tool since January 2017, the average alignment score with all key international data privacy principles was 31.5 percent, as against an 38.3 percent average score for respondents in 2016. Contributor Helen Hall, legal director in the Employment group at DLA Piper.
Research by global law firm DLA Piper has shown that, six months ahead of implementation, many employers still have significant gaps in meeting requirements under the General Data Protection Regulation (GDPR).
Responses to DLA Piper’s Data Privacy Scorebox online survey tool for the period January 2017 to October 2017 have shown that respondents demonstrated a lower average level of preparedness than those during the period January 2016 to December 2016.
A detailed report discussing the findings in more detail will be released in January 2018 to mark Data Protection Day. DLA Piper launched the Scorebox in January 2016 to help organisations all over the world to assess their current levels of privacy maturity relative to industry peers. Respondents are asked a number of questions on areas such as storage of employee data, use of data and employees’ rights, and provided with a report based on a percentage score system, and recommendations.
Helen Hall, legal director in the Employment group at DLA Piper said: “Many employers in the UK are well advanced in their preparations, but many others are still in the earliest stages. The GDPR imposes new requirements when it comes to the storage and processing of employee data. We would urge any employer that hasn’t yet reviewed its GDPR preparedness to do so now, rather than risk substantial penalties when the regulation comes into force in May 2018.”
Patrick Van Eecke, “With only six months to go until GDPR, it is startling that on the face of it, responses to our Scorebox tool since January have indicated a fall rather than a rise in preparedness.
“We can conclude that the first wave of respondents, throughout 2016, was characterised by a higher level of GDPR awareness, and therefore of preparedness. In contrast, the second wave of respondents, since January 2017, may have realised more recently that GDPR is applicable to them, and therefore have further to go in their GDPR journey. It will be interesting to review the results by sector in our Global Data Privacy Snapshot 2018 report, to be released in January.”
The European General Data Protection Regulation (GDPR) will apply to all organisations processing the data of European Union citizens. The UK government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR.