“The AFCDP being as close as possible to the daily concerns of DPOs, the association proposes with this Barometer to take a step back on 3 key questions per quarter: the feeling of the evolution of the conformity of organizations, a technical question and a current issue. With 280 respondents, we are happy to share these results again and study their evolution. », comments Paul-Olivier Gibert, President of the AFCDP.
Do you have confidence in the protection of private data within your organizations?
The feeling of DPOs of being within an organization in compliance in terms of personal data protection continues to increase (46% of respondents vs. 44% in February 2024). In this first quarter, current regulations (DMA, DSA, DA, DPF, Cookies Wall, etc.) seem less disruptive to the personal data protection strategies put in place (16% in April and February 2024 vs. 20% of respondents in October 2023).
“It seems that a large proportion of DPOs feel listened to and have enough agility in their organization to adapt to different compliance issues. These issues are evolving with the various regulations being adopted and the acceleration in the use of technologies such as Generative AI. The fact that the protection of personal data is gradually becoming a social subject with a more general awareness of the issues, surely contributes to better consideration of the recommendations of the DPOs. DPOs should now be more involved upstream of all projects containing data processing. ” declares Paul-Olivier Gibert, President of the AFCDP.
Do you think there are personal data protection issues for your organization related to the Olympic Games?
The AFCDP notes that the Paris 2024 Olympic Games do not seem to have a direct impact on the DPOs, except through the prism of the greater risk of cyberattacks during this period when France is the center of attention at the global level.
“After having followed the decisions around algorithmic video surveillance and/or based on artificial intelligence, we believe that DPOs must remain on standby around the exceptional processing of personal data that can give rise to such large-scale events in the short term. and/or medium term. ”, comments Paul-Olivier Gibert.
IA Act and compliance: will you be impacted?
The majority of personal data protection professionals (52% + 27% = 79%) already feel concerned by the European Regulation concerning Artificial Intelligence (“AI Act”) definitively adopted on April 23, and the obligations of compliance by entry into force in 2025. The objective of this regulation being to ensure that any AI placed on the market is in compliance with European law, DPOs must anticipate compliance now AI systems designed and/or used by their organization.
“Whether due to internal deployment of solutions using AI, or due to individual uses (see ChatGPT or other), any project directly or indirectly relating to AI must involve the DPO. Indeed, its ability to process enormous quantities of data allows AI to potentially access, analyze and use personal data or even sensitive information about individuals. Which therefore raises questions about the confidentiality and security of this personal data, but also about its uses in compliance with the GDPR. ” recalls Paul-Olivier Gibert.
