IAPP Survey on Data Mapping, DPIAs, ROPAs & DSARs after GDPR - Clarip Privacy Blog

IAPP Survey on Data Mapping, DPIAs, ROPAs & DSARs after GDPR

IAPP has published a new report measuring privacy operations that allows privacy professionals to benchmark their own business practices against other companies. The report provides benchmarking information on the use of data inventories, privacy assessments, data protection impact assessments (DPIAs), data subject access requests (DSARs) and breach notifications.

The survey was sent to 41,000 subscribers of the IAPP Daily Dashboard email between October 23 and November 6, 2018. Nearly 500 people took the survey, which contained 27 questions and took an average of seven minutes to complete. 410 respondents said that their organization was subject to GDPR.

Here is some of the benchmarking data that was gathered:

Risk Assessments: The number of organizations that are conducting mapping and inventory operations manually or through informal tools such as email and spreadsheets is down from 62% in 2016 to 45% in 2018.

DPIAs: More survey respondents perform DPIAs than other forms of risk assessments such as privacy impact assessments or vendor risk assessments (aka vendor vetting). However, of those that are subject to GDPR, the majority have created fewer than five DPIAs since GDPR.


Third Party / Vendor Risk Assessments: More than half (52%) of respondents conducted a Vendor Risk Assessment, according to the survey responses. It was second only to the 60% response for DPIAs.

Other Privacy Assessments: About 30% of organizations have conducted Legitimate Interest Assessments, Data Breach Readiness Assessments, International Data Transfer Assessments and High Risk Processing Assessments. Between 27% and 31% of respondents said that their organization was using these risk assessments.

Data Mapping: Companies that have conducted a data map have gathered information on average on 75 percent of their business processes. Of those that have not engaged in data mapping or a data inventory, 70% cited a lack of necessary resources.

ROPAs: Around 25% of respondents have prepared between 1 and 5 reports for records of processing activities since GDPR while around 34% either have prepared none or don’t know whether their company has produced any.

DSARs: The median organization is currently receiving 7 DSARs per million data subjects per month. Nearly one-third have either partially or fully automated responses to them.

If your organization is considering privacy software to handle one or more of the above functions, please call 1-888-252-5653 to schedule a free demo of the Clarip enterprise privacy management platform.


Contact Clarip Today for Help with CCPA and GDPR

The Clarip team and data privacy software are prepared to help your organization improve its privacy practices. Click here to contact us (return messages within 24 hours) or call 1-888-252-5653 to schedule a demo or speak to a member of the Clarip team.

If your challenge right now is CCPA compliance for your California operations, allow us to show you our CCPA software. From consent management software that offers the option to opt out of the sale of personal data to a powerful DSAR Portal that facilitates the right to access and delete, Clarip offers enterprise privacy management at an affordable price.

If you are preparing your European operations for GDPR compliance, we can help through our modular GDPR software. Whether you are looking to start the process with GDPR data mapping software, increase automation in your privacy program with DPIA software, or handle ePrivacy with a cookie consent manager, Clarip has the privacy platform that you need to bolster your program.
