“The GDPR generated awareness on data protection both among individuals and companies”, argues Gwendal Le Grand, Director of Technologies and Innovation at the French National Commission on Informatics and Liberty (CNIL).
The GDPR works! “Companies have appropriated the text, and almost 40,000 of them have already nominated a DPO, the individual responsible for the treatment of data,” observes Gwendal Le Grand. “This year, the CNIL has enregistered 11,000 complaints, against the 8,000 of the previous year; at the same time, the number of calls received by the contact center went from 150,000 to 190,000: “These numbers clearly indicate that the people are grasping the GDPR”.
Despite these satisfying results, there are large disparities between companies, and not everyone has yet tackled the issue of data governance. The main issue for enterprises is the notion of dynamic conformity, that forces them to regularly revise the dispositions in place to ensure their continuous pertinence. “This difficulty can become a strength”, highlights Gwendal Le Grand, since “it is a way to show that you are efficient and effective”.
Helping visitors to make choices
One of the challenges of GDPR is the issue of designing the interface that allows citizens to choose the data they want to share. In order to guide the enterprises, often torn between marketing concerns and legal obligations, the CNIL proposes a booklet on the design of choice architecture. This publication is freely available on the CNIL website and aims at inspiring companies.