Privacy Group Works to Prepare Members for New EU Regulations
The International Association of Privacy Professionals, which says that many corporations are working to implement the European Union’s General Data Protection Regulation before a 2018 deadline, recently released a tool to help ease compliance efforts.
Companies operating in the European Union have a difficult task in front of them in the coming years, and the International Association of Privacy Professionals (IAPP) is working to help.
The EU General Data Protection Regulation (GDPR), which take effect in May 2018, will fine corporations in the case of data breaches. It also requires a complicated implementation process, which means that many corporations are currently working on the issue. In particular, the rule mandates the addition of an on-staff data protection officer (DPO) to manage compliance strategies.
(And even the United Kingdom, which is planning to leave the EU as part of the Brexit, will be implementing the regulation, at least at first.)
Many EU corporations—more than 90 percent of corporations with privacy professionals, in fact—are working to implement the regulations, according to an IAPP report released this week [PDF]. The IAPP / TRUSTe GDPR Privacy Benchmarking Study found that the firms are generally using a combination of technology tools and manual processes.
The study found that nearly half (46 percent) of all firms surveyed already had a DPO in place, while another 22 percent planned to appoint an internal resource to the role. In comments on the survey, IAPP President and CEO J. Trevor Hughes noted that privacy professionals have traditionally struggled with small budgets and limited resources, though they have worked smartly around such limitations.
“Clearly, IAPP members are taking the GDPR’s DPO requirement seriously, with many of them well on their way toward creating a GDPR compliance program,” Hughes said in a news release. “As the research shows, privacy program leaders are resourceful, but increasingly pressed for time and resources.”
One way that IAPP is working to assist its members is through the launch of an online platform, with the help of the company OneTrust, which will help companies that are interested in moving personal data outside of the European Union. The EU Data Transfer Kit relies on a questionnaire to create a plan of action and track progress toward that goal.
“Built with insight from our members, this new tool is a great example of the IAPP community working together to help each other meet whatever privacy and data protection challenges are presented by an ever-changing regulatory environment,” Hughes said in a news release.