Data Protection Authorities not effectively enforcing GDPR, study finds
A new survey by noyb, the European Center for Digital Rights, has revealed that 74% of data protection professionals believe that data protection authorities (DPAs) would find "relevant violations" if they conducted an on-site investigation at an average company handling user data.
The survey, which polled over 1,000 data protection professionals working in European companies, also found that 70% of respondents believe that DPAs need to issue clear decisions and enforce the GDPR to ensure compliance.
Max Schrems, Honorary Chairman of noyb, said that the findings are "extremely alarming" and called for "tougher enforcement and clearer DPA and court decisions that force companies to bring their data processing into compliance."
The survey also found that data protection officers (DPOs) are under pressure from various sides to prioritize business interests, and that 56% of respondents said it was difficult to convince the marketing department to make the necessary changes to improve compliance.
Despite the alarming findings, the survey also found that 59% of respondents believe that most companies would "mostly" comply with the GDPR's "core rules." However, practical experience suggests that the outsiders' view may be even worse than the insiders' view.
"The only realistic solution to this problem is clear: tougher enforcement and clearer DPA and court decisions that force companies to bring their data processing into compliance," said Schrems.
Key findings of the study "GDPR: a culture of non-compliance"
Data Protection Authorities (DPAs) are not effectively enforcing the General Data Protection Regulation (GDPR).
74% of data protection professionals believe that DPAs would find "relevant violations" if they conducted an on-site investigation at an average company handling user data.
70% of respondents believe that DPAs need to issue clear decisions and enforce the GDPR to ensure compliance.
DPOs are under pressure to prioritize business interests, and 56% of respondents said it was difficult to convince the marketing department to make the necessary changes to improve compliance.
59% of respondents believe that most companies would "mostly" comply with the GDPR's "core rules."
52% said that another company's loss of reputation already has a positive effect on their own company's compliance.
Methodology
The survey was conducted online in November 2023. The target audience was data protection officers (DPOs) and professionals working in the field of GDPR compliance.
The survey included questions about companies' GDPR compliance, the difficulty of convincing other departments or employees within a company of GDPR compliance, and the most relevant factors that influence GDPR compliance, as well as company size, whether the company is subject to the GDPR, and the profession of the respondents.