欧洲数字版权中心：GDPR不合规文化（英文版）（23页）.pdf

1、Numbers of evidence-based enforcement effortsGDPR:a culture of non-compliance?noyb.euExecutive SummaryGDPR compliance gap.In May 2018,the General Data Protection Regulation(GDPR)first applied to the processing of personal data in the EU.While it once pro-mised to usher in a new era of stricter data

2、protection through strict enforcement and high fines,the practical experience suggests that the daily practice still lacks behind its political promises.What was missing until today:objective evidence on compliance and evidence-based enforcement and compliance strategies.Evidence-based compliance ef

3、forts.In other areas of the law,extensive sociolo-gical,psychological,and practical evidence was generated to develop effective and efficient enforcement and bring law and practice closer together.Such evidence is largely missing when it comes to GDPR compliance.For this reason,noyb con-ducted a sur

4、vey that is supposed to serve as a starting point for evidence-based compliance approaches.In our survey,we targeted data protection professionals people who are at the forefront of compliance efforts and have unique knowledge of the internal decision processes of controllers and processors.The aim

5、of this questionnaire was to gain a deeper insight into the organisational drivers that lead to more GDPR compliance,to advance knowledge on the most important internal and external factors,and to derive key takeaways for future effective internal com-pliance work and enforcement efforts.74.4%assume

6、 relevant violations at an average company.More than 1,000 pri-vacy professionals,largely working as data protection officers(DPOs)or internal compliance departments of large companies,answered our questionnaire.While the survey shows that at least awareness of privacy issues grew during the last fi