The main lessons of the GDPR study 'the DPO: from function to job'

The main lessons of the GDPR study 'the DPO: from function to job'
Antoine BIDAULT

On the occasion of the conference of the AFCDP on June 26 at the Maison de la Chimie in Paris to which DASTRA was able to attend, a large survey on the DPO was presented to the assistance by the National Agency for the Professional Training (AFPA) to better identify the dynamics and challenges in terms of employment and training related to the GDPR.

The survey, result of extensive online survey and interview work, mobilized 1265 respondents between March and April 2019, including more than two-thirds of internal DPOs. This survey, available for public download on this link (in French), provides valuable information on the job of the DPO.

The results of the study reinforce the DASTRA team's conviction of the relevance of its mission. Indeed, the conclusions that have particularly alerted us are the following:

  • For all DPOs, the 3 main activities (in terms of time spent) are: mapping the data processing activities and establishing the record, raising awareness and training the controller, management and employees and bringing existing processing into compliance.
  • Nearly 70% of DPOs work part-time
  • 64.9% of DPOs do not have a network of Privacy Correspondents
  • More than a third (33.6%) of the DPOs consider that they have significant difficulties in controlling the GDPR.
  • More than 6 out of 10 organizations employing DPOs did not use outside consulting support.
  • Less than a quarter of the DPOs feel that they are not reaching their target in terms of planning.

Other information provides important insights into how DPOS perceive issues with their data controllers:

  • According to DPOs' perceptions, nearly half of their data controllers believe cyber security issues are crucial to very important.
  • According to DPOs' perceptions, over 37% of their data controllers believe that digital trust issues are very important or crucial
  • According to the perception of DPOs, 45.7% of their controllers believe that the issues related to the use of personal data in the activity of the structure are very important or crucial
  • According to the perception of DPOs, 41.3% of their controllers believe that the use of personal data in the commercial issue is a very important to crucial issue.

Feel free to download this study and share it on social networks with @Dastra!


Investigations on trade union organizations by the french DPA (CNIL): a recall of the fundamentals!

The french DPA (CNIL) has discreetly communicated on the lack of GDPR compliance of several trade union organizations that it has monitored....

Jérôme de Mercey

Transfers of personal data to the U.S.: update on EU Standard Contractual Clauses (SCCs)

On July 16, the CJEU annulled the Privacy Shield in a now famous decision: SCHREMS 2. We take stock of the possible solutions, in particular...

Jérôme de Mercey

2018 / 2019: study of the main financial sanctions RGPD in Europe

Since the entry into force of the GDPR in May 2018, many European and international organizations are worried about the risk of financial sa...

Paul-Emmanuel Bidault