These three sectors are struggling to set up their personal data processing register made compulsory by Article 30 of the General Data Protection Regulation.
Three years after the entry into force of the GDPR, there is still work to be done in terms of the protection of personal data. Particularly in the education, health and banking / insurance sectors.
According to a study conducted by the company Data Legal Drive, only 38% of health professionals have completed their personal data processing register. And again, this register was created in a piecemeal fashion and in the form of a spreadsheet. “A worrying figure in a sector where the data are more and more numerous and said to be sensitive, especially in this unprecedented context,” explain the authors of the study.
The education sector is a little better off with a 43% rate of creation of personal data processing registers. As for companies operating in the banking / insurance field, “there is still too little digitization of the processing register. 77% use an Excel-type spreadsheet to do it”.
Purposes of processing
Provided for by article 30 of the GDPR, the processing register is a document that contains a wealth of information: the purpose of the processing, the categories of data, the persons concerned by the data, the recipients of the data, the security measures applied to the processing… The obligation to keep a register of processing concerns all bodies, public and private and regardless of their size, as soon as they process personal data.
The survey, conducted by Data Legal Drive in collaboration with Lefebvre Dalloz and AFJE, was carried out among 348 data protection officers (DPOs) and lawyers.
–
