The GDPR is now less than one year away from coming into effect and organisations are eager to know where they stand compared to others. In order to understand the state of organisational readiness, we compiled information based on our global benchmarking research.
Supporting the privacy office and privacy professionals around the world, Nymity has embarked on an ongoing effort to research and benchmark the state of GDPR compliance, offering insights into how regulators and organisations can benchmark and measure GDPR compliance.
The 2017 report was based on an analysis of the aggregated data of a total of 190 organisations worldwide and 46 EU companies that baselined their privacy compliance and management programs. A wide variety of company sizes and industries are represented, with the largest industry concentrations in Finance, Professional Services and Manufacturing. The following are key insights from the report’s findings:
Organisations have invested heavily in GDPR compliance activities related to:
- Data subject access rights
- Breach management
- Standard Contractual Clauses
- Transparency requirements
Organisations are dedicating resources to records of processing activities requirements and to procedures related to Data Protection Impact Assessments (DPIAs) and Privacy by Design. The top-ranked ‘in progress’ measure in the study related to maintaining a data inventory to address Article 30 requirements. This measure was also the top-ranked ‘in progress’ measure in 2015. Overall, global organisations have made little progress in this area. They are prioritising measures that relate to DPIAs and Privacy by Design, but the implementation rates for these measures are currently quite low.
Over 50% of organisations have appointed a Data Protection Officer. The vast majority of organisations in the study identified appointing a data protection officer (DPO) as ‘applicable’, and 100% of financial company participants have already appointed a DPO.
To learn more, download the full report here: https://www.nymity.com/workshops-and-webinars/demonstrating-compliance-to-regulators-from-theory-to-practice/gdpr-compliance-benchmarking-study.aspx