The survey was conducted in July-August 2019 using the CAWI (Computer Assisted Web Interviewing) methodology. It involved 1,300 customers of DNV GL – Business Assurance across different industries in Europe, North America, Central & South America and Asia. 14,4% of the companies in the sample have an ISO/IEC 27001 certification in place. 39,6% of the companies are subject to the General Data Protection Regulation GDPR. 7,6% of the companies belong to Sensitive Industries, hence companies in Health & Social work, Financial Intermediation, Public administration, IT. The sample also includes 60 companies identified as LEADERS based on a list of attributes defined by DNV GL – Business Assurance.
The sample does not claim to be statistically representative of companies worldwide. For further information, please see the full study.A total of 60 companies in the sample were identified as LEADERS based on a list of attributes defined by the project team:
- Companies who consider (great extent) privacy important for their business strategy today
- Companies who currently see themselves as leading within this field
LEADERS represent 5% of the total respondents; the analysis of their answers offers insights into the best practices and mindset of the companies with more mature approaches to privacy management.
- Green circles in charts: significantly above average data. Red circles: significantly below average data.
- DK/DA: “do not know” and/or “did not answer”.
- Certified Companies: respondents with an ISO/IEC 27001 certification in place.
- Companies subject to GDPR: companies subject to the European General Data Protection Regulation.
- Small-Medium Companies: companies with less than 250 employees.
- Large Companies: companies with more than 250 employees.
- Sensitive Industries: companies belonging to Health & Social work, Financial Intermediation, Public administration, IT