Time To Look Beyond GDPR Compliance In Your Privacy Journey

In its 2018 annual report, the CNPD (National Commission for Data Protection) outlines its activities following the entry into force of GDPR in May of the same year.

Join us as we take a closer look at some of the key findings impacting every organization's privacy journey.

Individuals' rights: the number of complaints has more than doubled

In 2018, the CNPD received 450 enquiries (compared to 200 the previous year). This sharp rise not only indicates that people are feeling increasingly concerned about their privacy, but that companies are failing to adequately address these concerns - and provide straightforward, easy-to-understand responses.

So, what are the top three concerns?

- Denied access to data (24%)
- Request to delete or rectify data not carried out (16%)
- Lawfulness of the personal data processing activities (15%)

In an era where transparency and the rights of individuals should be at the center of privacy programs, these telling figures show that this is still a work in progress.

It is worth remembering that companies must be prepared to handle such requests. The "wait-and-see" approach just won't cut it given the 30-day response time imposed by GDPR. For requests to be handled appropriately, a multitude of questions must be taken into account: Is the DPO involved in a timely manner throughout the process? Are response times monitored? How is the legitimacy of the request ensured? Were test cases performed? The list goes on.

Data breaches: basic errors could spell serious consequences

Between May and December 2018, 172 data breaches were reported by the CNPD. The main culprits?

- Non-malicious, internal human error
- Hacking

Did you know that roughly half of all data breaches are due to personal data being sent to the wrong recipient? This means that organizations can invest in security processes, procedures and monitoring tools (access control, data leak prevention, etc.), but the primary vector for security breaches remains the employee.

While human behavior can certainly not be error-free, it is crucial to train staff on security and privacy topics and create awareness among employees. It really does...
