UPDATE: The Survey Report is now available here.
On the heels of the EU Parliament’s formal adoption of the EU General Data Protection Regulation (GDPR) on April 14, 2016, Baker & McKenzie will be publishing the results of its 2016 EU GDPR and EU-US Privacy Shield Survey next week! Until then, subscribe to the b:INFORM newsletter to get updates and articles sent straight to your inbox.
Our survey report captures the views and expectations of over 100 privacy professionals regarding the GDPR and EU-US Privacy Shield, which were collected from April 4-6 during the International Association of Privacy Professionals’ 2016 Global Privacy Summit in Washington, DC.
“I think the survey responses clearly demonstrate that the majority of professionals in the privacy industry feel that the GDPR and Privacy Shield represent a call-to-action for organizations generally,” said Theo Ling, who chairs Baker & McKenzie’s Global Privacy and Information Management Steering Committee.
The survey explored respondents’ familiarity with and opinions on specific requirements under the GDPR, including its consent, data mapping, cross-border transfer, accountability, information security and privacy impact assessment requirements. Respondents widely agreed that organizations will need to invest at least some additional budget and effort to comply with the requirements under the GDPR, and the data mapping and cross-border transfer requirements under the GDPR were identified as some of the most challenging requirements that organizations will need to meet.
“Given the severe penalties of up to EUR 20 million or 4% of total global annual turnover in fines for non-compliance under the GDPR, organizations would be well-advised to begin taking steps to ensure that they understand and comply with the requirements under the GDPR,” noted Dyann-Heward Mills, a Data Protection Partner in Baker & McKenzie’s London office. To assist organizations in getting ready for the new rules under the GDPR, Baker & McKenzie has prepared the GDPR Game Plan.
The survey also homed in on respondents’ views of the EU-US Privacy Shield, the proposed successor to the EU-US Safe Harbor Program, which was invalidated in October 2015. The vast majority of survey respondents indicated that they were familiar with the EU-US Privacy Shield, and some interesting insights emerged from their responses. In particular, the majority of privacy professionals who responded recommended that organizations sign up for Privacy Shield and implement data transfer agreements in the interim before the program is validated.
“It is noteworthy that a majority of respondents indicated that they would recommend that organizations should self-certify to the Privacy Shield, as it suggests that Privacy Shield will have a strong participation and following,” observed Brian Hengesbaugh, who chairs Baker & McKenzie’s Global Data Security Steering Committee and served on the core team that negotiated the U.S.-EU Safe Harbor Privacy Arrangement.
“All in all, the survey responses provide a snapshot of privacy professionals’ views of the GDPR and Privacy Shield prior to their implementation,” said Jonathan Tam, an Associate in the Information Technology and Communications Practice Group who helped to develop the survey and report. “It will be interesting to see how these views evolve once the regimes take effect.”
Click here for a complimentary copy of Baker & McKenzie’s 2016 EU GDPR and EU-US Privacy Shield Survey Report.