GDPR Community Opinion Question Results (16 - 23/05/20)

Updated: May 25, 2020

This week we asked the community for their opinion in a poll posted on our Linkedin company page. The question was, "As we approach two years of GDPR, we would like your opinion on how confident you are that businesses are compliant to the regulation?"

The poll was launched on the 16/05/20 and had a total run time of one week ending on 23/05/20.

There was a total of 81 respondents.

The results were as follows:

  • Most are compliant (80%<) = 06%

  • More than average (51-79%) = 26%

  • Less than average (21-50%) = 47%

  • Most aren't compliant (20%) = 21%

The majority of the correspondent's, confidence in businesses compliance to the regulation falls in the 'Less than average (21-50%)' camp. Worryingly only 6% (5 people) voted "Most are compliant (80%<)".

This week's questions can be found here. Please submit your vote and get involved.

If you have a suggestion for a question or would like to share your opinion, we would love to hear from you, send us an email at

Views from the Community

We reached out to the community for their views and to ask the reason for their vote. We had the following valuable insights to share,

Rahul Uttamchandani,

Legal Counsel at Legal Army | IP/IT & Privacy | LLM

Voted: Less than average

"As a privacy professional I see more and more companies that understand data protection and its importance (be it for their clients' interests or to avoid fines under the GDPR), nevertheless investing in legal counsel from the start (Privacy by Design) is still not one of their main concerns. I do think that the market trend is changing and, as I say, privacy is increasingly taken into account - which is quite positive - but we must continue to improve and raise the awareness among new entrepreneurs as it is more effective in the long term to comply with the privacy-by-design principle than to try to be compliant once the whole venture and its structure have been set up"

Agnieszka Rapcewicz

Privacy Lawyer (GDPR, New Technologies), Data Protection Officer

Voted: Less than average

"In my opinion, unfortunately, most of the entities processing personal data still treat GDPR as a necessary evil and an element blocking their business (at least in Poland). Before the entry into force of the GDPR, the entrepreneurs in a panic created, above all, documentation which was to prove their adaptation to the new regulations (data protection policies, information clauses). However, this was not followed by a change of awareness of persons processing personal data. Based on my experience, I can say that the vast majority of entrepreneurs do not take into account the principles of privacy by design and privacy default in their actions. DPOs are not included in business processes from the very beginning, which means that even despite the implemented documentation on personal data protection, the data are processed without legal basis or to an excessive extent. Information obligations do not take into account all purposes of personal data processing or are not fulfilled at all. The GDPR has been relatively correctly implemented in smaller entities that do not have many processes involving personal data processing, as they simply need to have documentation, including information obligations. On the other hand, in large entities, especially those that are part of international capital groups, decision-making processes take an extremely long time, so the implementation of appropriate data protection solutions may not have been done for formal reasons. Personal data protection is treated as a marginal problem and entrepreneurs focus on current business and increasing their revenues"

Tsvetina Hristova Lungarova

Data Protection Officer

Voted: Most aren't compliant

"I see at least one privacy notice per day that is a complete mess and PNs being just the top of the iceberg makes me think that compliance could be hardly expected in such case. I'm still being asked from potential clients to make them an offer for "just writing down the notice for a new software product" that has never been assessed from privacy and data protection perspectives and the expectation is that there is only some kind of legal paperwork to be done by an expert and it will be ready to go live. What's disturbing in such cases is not that clients don't know enough about the subject but the fact that very often I have to compete with layers who are willing to sell such service and promising 100% compliance".

Rui Serrano

DPO - Data Protection Officer and GDPR Senior Consultant at LEXA

Voted: Most aren't compliant

When we asked why Rui replied, "I have been supporting companies with Personal Data Protection Legislation compliance for over 3 years and that led me to assess many other companies that act as either Processors or Controllers towards my Corporate Clients while negotiating the DPAs".