Privacy governance survey

The state of privacy management in Belgian organisations

The reform of EU data protection rules has major consequences for companies

As from 25 May 2018, European as well as non-European organisations processing personal data of European citizens will be in scope of the new General Data Protection Regulation (GDPR). They will have to implement the new rules and must be able to demonstrate that they’re compliant with the new rules.

Only under a third (30%) of survey respondents declare that their organisation is already mature to very mature in processing personal data.

Results reveal that about 66% still has a lot of work to do to reach that same maturity level. This clearly indicates that Belgian organisations still have work ahead to become compliant by 25 May 2018.

How mature is processing of personal data?

Key findings

  • The majority of the organisations who considers themselves to be mature to very mature, in processing personal data, are also still working on their GDPR implementation.
  • Only a limited number currently have adequate insight into their own personal data processing activities. 
  • Few organisations have a data breach communication plan and are ready to report data breaches. 
  • More than half haven’t yet performed a data protection impact assessment.  
  • Not all employees, involved in the processing of personal data, have already been trained about the GDPR impact and privacy risks in general.
  • Organisations have not yet engaged in a trust-building initiative towards their external stakeholders. The value of GDPR seals and certifications is not well known.
Man holding a tablet

Organisations might think that they still have sufficient time to take the necessary steps forward, as 25 May 2018 may seem a long way off. However, the complexity and the number of measures to be taken to comply with the GDPR should not be underestimated.

Not only from a technical point of view but also due to the cross-departmental and territorial impact on organisations. The principles with regard to the processing of personal data and rules should be fully integrated in the governance framework and be embedded in policies, processes and controls.

In addition, the sustainability of these GDPR related implemented measures should also be ensured.

Contact us

Pascal Tops
Tel: +32 0(3) 259 3356

Bart Kuipers
Tel: +32 (0)2 710 9754

Jan De Meyer
Tel: +32 (0)2 710 4286

Follow PwC Belgium