Our technology-based society relies so heavily on personal data that this sensitive information has become a commodity in itself. How can we know who has personal information on us, what it’s used for and how well it’s protected?
GDPR came into effect in May last year, with the aim of giving EU citizens more control over their personal data. We recently engaged with 28 global companies to find out how they are tackling GDPR regulations, and were pleasantly surprised by the frank and open discussions we had over their progress and shortcomings.
Although data privacy is being taken seriously, the scale of the task at hand means this transformation is far off completion, with very few companies claiming 100% compliance – although we expect this to change over 2019.
The most striking discovery we made was the need for more consistent disclosure, so we formulated a high-level framework that covers the most important aspects of GDPR compliance, and shared this with the companies we engaged with to encourage them to use it for future reporting.