On July 17th 2018, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) announced that it would start investigating 30 large organisations for compliance with the EU Privacy Regulations. A random selection of organisations from 10 private sectors will soon be under scrutiny as to whether they have set up a proper Article 30 Registry.
The outcome of this research will be of interest to many actors involved in the privacy area. The result of this research will be of even greater interest. Will the Dutch Data Protection Authority show its teeth and start issuing serious warnings or even fines? Time will tell.
Recent GDPR research
Dimensional Research, on behalf of TrustArc, recently conducted a comparison between 600 US, UK and EU companies on their GDPR Compliance Status. The participating companies included a mix of small, mid-sized and large companies, from all major industry sectors.
A couple of key findings are worth sharing:
- 20% of the companies believe they are now compliant, 53% are still implementing and 27% have not started their efforts;
- 93% expect to be compliant by the end of 2019;
- 68% have spent more than six figures already on GDPR compliance;
- 65% of respondents view GDPR as having a positive impact on their business and only 15% view the GDPR as having a negative impact on it;
- 80% plan to increase their spending on GDPR technology and tools to maintain compliance.
Maintaining and managing GDPR compliance is the top priority for the respondents. A second goal for the respondents is to be able to demonstrate that their companies are GDPR-compliant. In addition to producing Article 30 and Article 35 reports, 50% of the respondents intend to seek a GDPR validation for their programs, rather than wait for the issuance of the official GDPR certification.
How to stay in shape
The greatest challenges for the respondents in becoming GDPR compliant included the complexity of the regulation and the shortage of qualified internal staff and privacy expertise needed to deal with those complexities. In other words, they need Privacy Sherpas! With all the companies aiming to get and stay compliant, the shortage on the market will still be a serious challenge.
DPA Privacy Sherpas can help your organisation to reach Privacy Basecamp and beyond. They can lead your internal team and act as a remote Data Protection Officer on demand. Please contact us or visit our page.