Data Protection Authorities not effectively enforcing GDPR, study finds

74% of data protection professionals believe that data protection authorities (DPAs) would find "relevant violations" if they conducted an on-site investigation at an average company handling user data.

GDPR a culture of non-compliance Study
GDPR a culture of non-compliance Study

A new survey by noyb, the European Center for Digital Rights, has revealed that 74% of data protection professionals believe that data protection authorities (DPAs) would find "relevant violations" if they conducted an on-site investigation at an average company handling user data.

The survey, which polled over 1,000 data protection professionals working in European companies, also found that 70% of respondents believe that DPAs need to issue clear decisions and enforce the GDPR to ensure compliance.

Max Schrems, Honorary Chairman of noyb, said that the findings are "extremely alarming" and called for "tougher enforcement and clearer DPA and court decisions that force companies to bring their data processing into compliance."

The survey also found that DPOs are under pressure from various sides to prioritize business interests, and that 56% of respondents said it was difficult to convince the marketing department to make the necessary changes to improve compliance.

Despite the alarming findings, the survey also found that 59% of respondents believe that most companies would "mostly" comply with the GDPR's "core rules." However, practical experience suggests that the outsiders' view may be even worse than the insiders' view.

"The only realistic solution to this problem is clear: tougher enforcement and clearer DPA and court decisions that force companies to bring their data processing into compliance," said Schrems.

Is Ireland enforcing GDPR?
Germany, France, Spain, and Italy show concerns with Ireland’s lack of action in enforcing GDPR.

Key findings of the study GDPR a culture of non-compliance

Data Protection Authority (DPAs) are not effectively enforcing the General Data Protection Regulation (GDPR).

74% of data protection professionals believe that DPAs would find "relevant violations" if they conducted an on-site investigation at an average company handling user data.

70% of respondents believe that DPAs need to issue clear decisions and enforce the GDPR to ensure compliance.

DPOs are under pressure to prioritize business interests, and 56% of respondents said it was difficult to convince the marketing department to make the necessary changes to improve compliance.

59% of respondents believe that most companies would "mostly" comply with the GDPR's "core rules."

52% said that another company's loss of reputation already has a positive effect on their own company's compliance.

Methodology

The survey was conducted online in November 2023. The target audience was data protection officers (DPOs) and professionals working in the field of GDPR compliance.

The survey included questions about companies' GDPR compliance, the difficulty of convincing other departments or employees within a company of GDPR compliance, the most relevant factors that influence GDPR compliance, and the company size, the company being subject to the GDPR, and the profession of the respondents.

Subscribe to our newsletter for just $10/year and get marketing news delivered straight to your inbox. By subscribing, you are supporting PPC Land. You can also follow PPC Land on LinkedIn, Bluesky, Reddit, Mastodon, X, Facebook, and Google News.

Subscribe via email

Don’t miss out on the latest marketing news. Sign up now to get the articles directly in your email.
jamie@example.com
Subscribe