• 91% of respondents declare that they have implemented certain or the majority of GDPR requirements.
• More than 90% of respondents state that they have identified the risks for data subjects, out of which 50% declare having mitigated them.
• 83% of respondents declare having defined retention periods, yet only 12% announce these are properly enforced in their IT system

Luxembourg: PwC Luxembourg’s first survey, launched back in December 2018 and named, “six months into the application of General Data Protection Regulation (GDPR), Luxembourg market status: Smooth Sailing or Hot Water?”, was aimed at understanding the Luxembourg business environment’s reactions to the regulation 6 months after it entered into force. Results revealed that while the majority of respondents considered themselves “GDPR-ready” or “almost-ready”, there was still work to be done, including in terms of risk management and data retention.

18 months after the GDPR implementation, PwC Luxembourg thought it was relevant to conduct a second survey to assess where the Luxembourg market stands, how data privacy challenges have been tackled and what changed since the first edition of the survey.

18 months into the application of GDPR, Luxembourg market status: is it all Smooth Sailing now?

Frédéric Vonner, GDPR and Privacy Leader at PwC Luxembourg said, “​As results show, Luxembourg organisations have embraced the GDPR. The main conclusions of our first survey in 2018, remain similar to the survey results from this year, but whether this is a positive or not is not entirely clear. While most of the entities we surveyed declare themselves as compliant with GDPR, when we dig deeper into the details we can see that there is still work to be done. There are two areas that are deserving of our attention: the limitation of the retention of personal data on the one side, and the risk and impact analysis as applied on the processing of personal data on the other hand​.”

[button color=”orange” link=”https://vimeo.com/402867578″]Watch the full ​video​ with Frédéric Vonner’s analysis of the survey results.[/button]

Overall, the number of respondents declaring they comply with the GDPR to a more or less greater extent, has slightly increased.

Indeed, 91% of the respondents across all the industrial sectors surveyed declare that they have implemented certain, or most of, the requirements, in comparison to 89% in 2018.

The financial services industry respondents declare the highest level of compliance, being around 95%.

Yet, the same types of difficulties are mentioned when it comes to the actual enforcement of the regulation. The top 3 challenges mentioned in 2020 are:

1. Understanding the processing activities;
2. Having sufficient staff involved;
3. The complexity of the technological aspects.

[button color=”orange” link=”https://www.pwc.lu/gdpr-survey-2020″]Discover the full results of the ​survey​, “18 months into the application of GDPR, Luxembourg market status: is it all Smooth Sailing now?”[/button]

How was the survey conducted?

PwC Luxembourg sent out 25 questions to Luxembourg players from different industries. Launched mid-January 2020, the survey was available to the respondents during one month. The firm would like to warmly thank all 111 respondents for taking the time to share their thoughts.

[colored_box color=”blue”]For more details: Contact us at ​press@lu.pwc.com
Follow us on Twitter: @PwC_Luxembourg
Follow us on LinkedIn: PwC Luxembourg[/colored_box]