The survey was conducted in July-August 2019 using the CAWI (Computer Assisted Web Interviewing) methodology. It involved 1,300 customers of DNV GL – Business Assurance across different industries in Europe, North America, Central & South America and Asia. 14,4% of the companies in the sample have an ISO/IEC 27001 certification in place. 39,6% of the companies are subject to the General Data Protection Regulation GDPR. 7,6% of the companies belong to Sensitive Industries, hence companies in  Health & Social work, Financial Intermediation, Public administration, IT.  The sample also includes 60 companies identified as LEADERS based on a list of attributes defined by DNV GL – Business Assurance. 

The sample does not claim to be statistically representative of companies worldwide. For further information, please see the full study.

A total of 60 companies in the sample were identified as LEADERS based on a list of attributes defined by the project team: 

• Companies who consider (great extent) privacy important for their business strategy today
• Companies who currently see themselves as leading within this field

LEADERS represent 5% of the total respondents; the analysis of their answers offers insights into the best practices and mindset of the companies with more mature approaches to privacy management.

Additional Notes 

• Green circles in charts: significantly above average data. Red circles: significantly below average data.
• DK/DA: “do not know” and/or “did not answer”.  
• Certified Companies:  respondents with an ISO/IEC 27001 certification in place. 
• Companies subject to GDPR: companies subject to the European General Data Protection Regulation. 
• Small-Medium Companies: companies with less than 250 employees. 
• Large Companies: companies with more than 250 employees.
• Sensitive Industries: companies belonging to Health & Social work, Financial Intermediation, Public administration, IT