The Next Generation PIAs

GDPR Ready: Article 30 & 35


At the International Conference of Data Protection and Privacy Commissioners in Hong Kong we released our latest study: GDPR Compliance Benchmarking: Measuring Accountability. The study spans multiple industries, including 46 organisations that completed a GDPR benchmark. These 46 organisations were either entirely located in the EU or were global organisations with EU operations. In either case, only the EU operations were baselined. The largest concentration of industries was in finance and manufacturing. With this research in hand, we are now able to provide some practical knowledge to measure and enhance your organisation’s GDPR compliance efforts.


To gather this information, we leveraged the Nymity Privacy Management Accountability Framework™ and Nymity Benchmarks™ (an automated solution for baselining and benchmarking organisational privacy management). The framework is a comprehensive list of technical and organisational measures, structured into 13 categories and was developed after years of research and on the ground workshops around the globe learning what organisations do to practically implement privacy management. It has been mapped to hundreds of laws and privacy frameworks, as well as the GDPR, making it an excellent, industry and jurisdiction-neutral tool to gauge GDPR readiness. When we mapped the GDPR to the framework, we identified 39 GDPR articles that create obligations to put in place a technical or organisational measure to demonstrate compliance and those 55 measures were used to gather data from the 46 participating organisations in our research.