Nymity Releases Important Findings from Their 2017 Privacy Study:
GDPR Compliance Benchmarking: Measuring Accountability

HONG KONG – September 27, 2017 — Nymity today released findings from its latest privacy study, GDPR Compliance Benchmarking: Measuring Accountability, at the International Conference of Data Protection and Privacy Commissioners in Hong Kong.

Supporting the privacy office and privacy professionals around the world, Nymity has embarked on an ongoing effort to research and benchmark the state of GDPR compliance, offering insights into how regulators and organisations can benchmark and measure GDPR compliance.

Nymity’s 2017 report was based on an analysis of the aggregated data of a total of 190 organisations worldwide and 46 EU companies that baselined their privacy compliance and management programs using the Nymity Privacy Management Accountability Framework™ and Nymity’s automated benchmarking tool, Nymity Benchmarks™. A wide variety of company sizes and industries are represented, with the largest industry concentrations in Finance, Professional Services and Manufacturing. The following are key insights from the report’s findings:

Organisations have invested heavily in GDPR compliance activities related to:
  • Data subject access rights
  • Breach management
  • Standard Contractual Clauses; and
  • Transparency requirements
Organisations are also dedicating resources to the records of processing activities requirements and to procedures related to Data Protection Impact Assessments and Privacy by Design.

The top ranked ‘in progress’ measure in the study related to maintaining a data inventory to address Article 30 requirements. This measure was also the top ranked ‘in progress’ measure in 2015. Overall, global organisations have made little progress in this area. They are prioritising measures that relate to DPIAs and Privacy by Design, but the implementation rates for these measures are currently quite low.

Over 50% of organisations have appointed a Data Protection Officer.

The vast majority of organisations in the study identified appointing a data protection officer (DPO) as ‘applicable’, and 100% of financial company participants have already appointed a DPO.

“Nymity’s 2017 GDPR Compliance Benchmarking study is a unique and valuable insight for regulators because it shows how organizations are preparing for coming changes in data protection law worldwide. It can help them to prepare their own priorities and actions as well as prepare and train their staff given their limited resources,” said Jennifer Stoddart, Regulator Advisor – Demonstrating Compliance Project and former Privacy Commissioner of Canada.

“The latest enhancements to Nymity Benchmarks allow for more robust and detailed reporting capabilities such as communicating the status of privacy management for specific compliance obligations such as the GDPR or showing how the organisation compares to others of the same size or in similar industries or regions,” commented Terry McQuay, Nymity’s President and Founder.

Accountability and Demonstrating compliance have been key topics for Nymity-funded research for a number of years. This research has led to the creation of several tools and documents available to the privacy community.