The state of privacy management in Belgian organisations
Say they are (very) mature in processing personal data
have documented their own personal data processing activities
are ready to start reporting data breaches
don’t know which personal data is sent to third parties
As from 25 May 2018, European as well as non-European organisations processing personal data of European citizens will be in scope of the new General Data Protection Regulation (GDPR). They will have to implement the new rules and must be able to demonstrate that they’re compliant with the new rules.
Only under a third (30%) of survey respondents declare that their organisation is already mature to very mature in processing personal data.
Results reveal that about 66% still has a lot of work to do to reach that same maturity level. This clearly indicates that Belgian organisations still have work ahead to become compliant by 25 May 2018.
Organisations might think that they still have sufficient time to take the necessary steps forward, as 25 May 2018 may seem a long way off. However, the complexity and the number of measures to be taken to comply with the GDPR should not be underestimated.
Not only from a technical point of view but also due to the cross-departmental and territorial impact on organisations. The principles with regard to the processing of personal data and rules should be fully integrated in the governance framework and be embedded in policies, processes and controls.
In addition, the sustainability of these GDPR related implemented measures should also be ensured.