Privacy sweep shows big compliance gaps
A global sweep of data protection procedures and capabilities of organisations in 18 countries found that only half are compliant with legal requirements around maintaining data privacy policies.
In addition, only 52% of organisations indicated that they have a documented incident response procedure, while only 58% have clear measures in place to both deal with data breaches and other incidents as they arise and notify individuals and regulators.
The sweep was led by New Zealand's Office of the Privacy Commissioner and the UK's Information Commissioner's Office, and drew the participation of 16 other data protection authorities that have allied with these offices as part of the Global Privacy Enforcement Network.
It found that while fewer than 10% of organisations have no privacy policies at all governing how they handle personal data, only around 50% of organisations both maintain an internal data privacy policy consistent with legal requirements and would be able to demonstrate that the policy has been embedded into everyday practices.
Furthermore, over 20% of organisations have no programs in place to conduct self-assessments or internal audits of their data protection standards, and 14% were deemed to have poor internal privacy practices.
The survey also identified significant gaps in terms of transparency, with only 55% of organisations maintaining a clear privacy policy that is easily accessible to customers and the general public.
Meanwhile, only half of organisations provide regular data protection training to all staff.
But the report (PDF) also identified signs of improvement, with 33% of respondents indicating that they are in the process of implementing a data privacy framework or had partially implemented internal policies.
In addition, 67% of respondents reported appointing a dedicated data privacy officer or a senior-level member of staff responsible for overall privacy governance, and only 6% either reported that they have nobody responsible for data protection or failed to specify.