Privacy, please: 5 things we learned from the CNPD 2019 Activity Report

in Industry Insights, 11.01.2021

Privacy and the protection of sensitive data remain a hot topic and a top priority for organizations across the globe. In a year marked by the COVID-19 pandemic and the invalidation of the EU-US Privacy Shield, privacy concerns and challenges for businesses are at an all time high. The CNPD (National Commission for Data Protection) has recently published its 2019 Activity Report, which is the first report covering a full year of activities under GDPR. This report is invaluable, providing an in-depth look at the issues that impact every organization’s privacy journey.

Here are five key takeaways:

  1. The number of requests for information remained high and became more specific, demonstrating greater privacy awareness.
  2. The number of complaints made by individuals who believed the law, or their rights, had not been respected increased significantly to over 600.
  3. Over 350 data breaches were reported to the CNPD and, not surprisingly, internal non malicious acts were the most frequent breach type—basic errors can spell serious consequences.
  4. The number of on-site investigations almost tripled, with video surveillance, geolocation, marketing and advertising as the most investigated areas.
  5. Data protection audits have also taken place. Pre-scheduled audits focused on data protection governance and the role of the Data Protection Officer. Unannounced audits also took place to follow-up on complaints or as part of a collaboration mechanism at European level.

How KPMG can help you achieve your privacy goals

So, what should organizations do with the information provided in this report?

KPMG believes trust is the key element to successfully managing personal data. Once it has been established, it not only means potential risks can be avoided but opens the door to further growth in this digital era.

Easier said than done right?

We recognize the challenges in finding the right balance of personal data assets that could contribute to new opportunities for growth while making sure that privacy, security, ethics and compliance are not compromised. In A balancing act: Privacy, security and ethics, we explore how organizations are using consumer data and data-led decision-making to build the right ‘data compound’ to help drive growth.