GPEN publishes annual Sweep

On May 9th, 2019, the „GPEN“(„Global Privacy Enforcement Network“) shared its “2018 Sweep”, an annual intelligence gathering that looked at how well organisations have implemented data privacy accountability into their internal privacy policies and programmes.

GPEN is a global network of more than 60 data protection agencies. The 2018 Sweep was a collaboration between  New Zealand’s (New Zealand Office of the Privacy Commissioner, “OPC”) and  UK’s (UK Information Commissioner’s Office, “ICO”) data protection authorities and was carried out by several data protection authorities across the globe.

The participating authorities reached out to 667 companies with a set of pre-determined questions that focus on key elements of responsible data protection. Those elements were:

• The importance of internal policies and procedures for data governance;
• Training and awareness;
• Transparency about data practices;
• The assessment and mitigation of risk;
• Incident Management.

Of the 667 organisations contacted, only 53% (356) provided substantive responses and a large point of those had appointed an individual or a team to ensure compliance with relevant data protection regulations.

The 2018 Sweep shows that many organisations are quite good at providing data protection training to their employees but companies have to ensure that those training are offered to all employees and happen on a regular basis. It was also found that several organisations have processes in place on how to deal with data subject complaints and how to handle data breaches.

Overall, most organisations are aware of data protection and have a good understanding of it. Nevertheless, they have to make sure that they have clear policies and procedures in place and monitor their performance regarding the relevant laws and regulations.