More than a year has passed since the entry into force of the General Data Protection Regulation (GDPR). This period is sufficient to assess the picture on its application by the civil organizations in Bulgaria to the present moment. In order to understand how the requirements of GDPR affect the daily work of organizations in the NGO sector, in July we conducted a survey, which consisted of 38 questions. These questions have been developed for the purposes of a research conducted by the European Union Agency for Fundamental Rights (FRA), further adapted by us, to make a more detailed study among the civil organizations in Bulgaria.
We would like to thank everyone who filled out the survey!
Here are the results:
46,7% of the respondents indicated that they have a basic understanding of the new regulations and that they require expert support in order to manage the work. Other 36,7% asses their level of understanding as fair and need additional expert advice for only a few specific cases.
63,3% of the organizations, shared that they have faced specific challenges in relation to the new requirements for data protection. 66,7% indicated that they have put some effort to comply with the regulation whereas 20% stated that the effort they had to put was significant for their organizations. Among the main steps that organizations have taken in order to comply with the requirements are reviewing and adoption internal rules and policies (73,3%) and reviewing and publishing data protection policies (63,3%).
Impact upon work
53,3% of the respondents, did not identify any impact of the GDPR on their everyday work. Only 6,7% asses their everyday work as a lot less effective. Identical is the percentage of the organizations (6,7%), which stated that their work is a lot more effective”.
Support and advice from supervisory bodies
The majority of the respondents (83,3%) indicated that they did not receive or they did not seek for any assistance from the Commission for Personal Data Protection (CPDP), and 3,3% stated that they have used guidelines from the Commission’s website.