AvePoint and CIPL Assess Global Preparation for EU General Data Protection Regulation with First-Ever Readiness Benchmark Report

With indicators suggesting that organizations face much work ahead, AvePoint and CIPL partner to provide insight and guidance to ensure readiness for global impact of European data privacy mandate

Brussels— November 9, 2016 — AvePoint, the Microsoft Cloud expert and leader in data protection, and the Centre for Information Policy Leadership (CIPL) at Hunton & Williams, LLP, a global privacy think tank, today announced from the halls of the IAPP Europe Data Protection Congress the availability of the first-ever global benchmark report for the European Union General Data Protection Regulation (GDPR). Launched in May 2016, the survey compiles responses from 223 predominantly multinational organizations on their preparedness for GDPR implementation.

The European Union GDPR marks the beginning of significant changes to how companies manage and process personal data, their privacy compliance programs, as well as IT systems and infrastructure. The GDPR replaces Directive 95/46/EC and will come into force in May 2018.

“The GDPR signals the start of a new generation of data privacy laws and practice in Europe and beyond,” said Bojana Bellamy, President, CIPL. “The new law will affect the risk profile of organizations, impact their management, use and sharing of data, as well as their IT systems and infrastructure. But GDPR also represents an opportunity for organizations to consider data privacy compliance more strategically and holistically, as it becomes key to their data strategy and the digital transformation of their business.”

The report highlights nine key trends that relate the most to everyday business and compliance concerns, including:

GDPR Impact: Respondents believe that the aspects of the GDPR that will have the largest impact on their organizations are the requirements for a comprehensive privacy management program, use and contracting with processors, as well as data security and breach notification. As expected, senior management is most concerned about the GDPR’s enhanced sanction regime and the data breach notification requirements, as well as how the regulation will impact their data strategy and ability to use data.

Data Transfers Outside the EU: Organizations appear to use a wide variety of mechanisms today for data transfer related to internal human resources (HR), consumers/customers, and vendors. According to responses, they will continue to do so after the GDPR is implemented. The most popular mechanisms today are, in descending order: Model Contracts, consent and necessity for contracts, as well as Privacy Shield.

Compliance Technology Tools and Software: Currently, organizations do not appear to widely use or have access to technology tools and software to aid with data privacy compliance tasks. Only a minority of organizations use technology to automate and industrialize their data protection impact assessments (DPIAs), data classification and tagging policies, data processing inventories, and delivery of the new data portability right.

“This GDPR survey report is designed to help organizations understand and benchmark the key operational impacts of the regulation and to support their internal change management program,” said Dana Simberkoff, Chief Compliance and Risk Officer, AvePoint. “We hope that this report will allow organizations to accelerate their progress toward true operationalization for GDPR readiness.”

To access the full report, please visit the AvePoint website. For more information on CIPL, please visit the Centre’s website.

All product and company names herein may be trademarks of their registered owners.