AvePoint and CIPL Assess Global Preparation for EU General Data Protection Regulation with First-Ever Readiness Benchmark Report

With indicators suggesting that organizations face much work ahead, AvePoint and CIPL partner to provide insight and guidance to ensure readiness for global impact of European data privacy mandate

Brussels— November 9, 2016 — AvePoint, the Microsoft Cloud expert and leader in data protection, and the Centre for Information Policy Leadership (CIPL) at Hunton & Williams, LLP, a global privacy think tank, today announced from the halls of the IAPP Europe Data Protection Congress the availability of the first-ever global benchmark report for the European Union General Data Protection Regulation (GDPR). Launched in May 2016, the survey compiles responses from 223 predominantly multinational organizations on their preparedness for GDPR implementation.

The European Union GDPR marks the beginning of significant changes to how companies manage and process personal data, their privacy compliance programs, as well as IT systems and infrastructure. The GDPR replaces Directive 95/46/EC and will come into force in May 2018.

“The GDPR signals the start of a new generation of data privacy laws and practice in Europe and beyond,” said Bojana Bellamy, President, CIPL. “The new law will affect the risk profile of organizations, impact their management, use and sharing of data, as well as their IT systems and infrastructure. But GDPR also represents an opportunity for organizations to consider data privacy compliance more strategically and holistically, as it becomes key to their data strategy and the digital transformation of their business.”

The report highlights nine key trends that relate the most to everyday business and compliance concerns, including:

GDPR Impact: Respondents believe that the aspects of the GDPR that will have the largest impact on their organizations are the requirements for a comprehensive privacy management program, use and contracting with processors, as well as data security and breach notification. As expected, senior management is most concerned about the GDPR’s enhanced sanction regime and the data breach notification requirements, as well as how the regulation will impact their data strategy and ability to use data.

Data Transfers Outside the EU: Organizations appear to use a wide variety of mechanisms today for data transfer related to internal human resources (HR), consumers/customers, and vendors. According to responses, they will continue to do so after the GDPR is implemented. The most popular mechanisms today are, in descending order: Model Contracts, consent and necessity for contracts, as well as Privacy Shield.

Compliance Technology Tools and Software: Currently, organizations do not appear to widely use or have access to technology tools and software to aid with data privacy compliance tasks. Only a minority of organizations use technology to automate and industrialize their data protection impact assessments (DPIAs), data classification and tagging policies, data processing inventories, and delivery of the new data portability right.

“This GDPR survey report is designed to help organizations understand and benchmark the key operational impacts of the regulation and to support their internal change management program,” said Dana Simberkoff, Chief Compliance and Risk Officer, AvePoint. “We hope that this report will allow organizations to accelerate their progress toward true operationalization for GDPR readiness.”

To access the full report, please visit the AvePoint website. For more information on CIPL, please visit the Centre’s website.

About AvePoint

Securing the Future. AvePoint is the global leader in data management and data governance, and over 21,000 customers worldwide rely on our solutions to secure the digital workplace across Microsoft, Google, Salesforce and other cloud environments. AvePoint's global partner program includes over 3,500 managed service providers, value added resellers and systems integrators, with our solutions available in more than 100 cloud marketplaces. To learn more, visit https://www.avepoint.com.

About the Centre for Information Policy Leadership (CIPL)

The Centre for Information Policy Leadership (CIPL) is a global privacy and security think tank based in Washington, DC, Brussels and London. Founded in 2001 by leading companies and Hunton & Williams LLP, CIPL works with industry leaders, regulatory authorities and policy makers to develop global solutions and best practices for privacy and responsible use of data to enable the modern information age. More details can be found at www.informationpolicycentre.com.

About Hunton & Williams LLP

Hunton & Williams is a global law firm of more than 750 lawyers serving clients in the United States, Europe, Latin America, and Asia. The firm handles transactional, litigation and regulatory matters for a diverse client base, with significant experience in retail and consumer products, energy, financial services, real estate, and privacy and cybersecurity. Visit our website at hunton.com and Privacy and Information Security Law Blog at huntonprivacyblog.com. Follow us on Twitter, LinkedIn, and YouTube.

CIPL Media Contact

Chris Wilson – Hunton & Williams LLP
Tel: +44 (0) 20 7284 6945
Email: cwilson@theproffice.com

Media Contact

Nicole Caci


(201) 201-8143

Investor Contact

Jamie Arestia


(551) 220-5654