Since the introduction of the GDPR (General Data Protection Regulation) in 2018, compliance with personal data protection regulations has become a priority for companies across the European Union. In Poland, the process of adjusting businesses to the regulations, and verifying compliance, received additional support through industry codes of conduct, which serve as a guide for companies from various sectors of the economy. According to KPMG data, as many as 82% of organizations in Poland declare their commitment to applying the code of conduct suitable for their industry.
According to the KPMG “Cybersecurity Barometer” report, for 85% of companies in Poland, GDPR is the most important IT and personal data protection compliance standard. Companies are increasingly taking actions to improve security, including commissioning external audits and implementing industry codes of conduct. The benefits of joining the code are numerous – from easier verification of data processing processes, constant supervision over compliance, to minimizing the risk associated with cyber threats.
In today’s digital world, cybersecurity and personal data protection are inseparable. Companies must continually improve their security level to meet increasing threats. GDPR is a priority standard that helps protect customer and employee data. At KPMG, we support organizations in this process by monitoring compliance with GDPR and industry codes, as well as implementing effective cybersecurity solutions – emphasizes Michał Kurek, Partner, Head of the Cybersecurity Team at KPMG in Poland and Central and Eastern Europe.
Support of industry codes of conduct
Industry codes of conduct, approved by national supervisory authorities, make it easier for companies to adapt to the sector-specific requirements of the GDPR. According to KPMG data, 82% of organizations in Poland declare their commitment to apply a code of conduct suitable for their industry. This is particularly important in the health care sector, where the protection of patient data and their privacy plays a key role.
The introduction of industry codes of conduct helps organizations demonstrate that they are taking appropriate actions and adhering to the highest standards in the field of personal data protection. This is not only about compliance, but also increasing customer trust in businesses that process sensitive data. The example of the Code of Conduct for the healthcare sector shows that entrepreneurs are ready to invest in data security, not only for compliance with the law, but also due to growing awareness of cyber threats – says Piotr Burzyk, Senior Manager in the Cybersecurity Team at KPMG in Poland.
The implementation of the GDPR code of conduct aims to support entities operating in a particular industry in meeting personal data protection requirements. The process of joining the code includes a detailed assessment of the application, an initial audit, and continuous monitoring in the form of regular audits, which ensures full compliance with regulations. Companies that decide to join the industry code of conduct can count on tangible benefits in the form of better protection against data security breaches and more transparent and automated compliance verification procedures. The use of the code is also taken into account by the supervisory authority when making decisions in the event of a data protection breach.
In 2023, KPMG in Poland, as one of the first entities in the country, received accreditation from the President of the Personal Data Protection Office (UODO) to act as an entity monitoring compliance with the Code of Conduct for the healthcare sector. The task of KPMG is to support organizations in meeting GDPR requirements, verify compliance of entities with regulations, and constantly supervise the use of appropriate procedures.
Source: https://managerplus.pl/rodo-i-cyberbezpieczenstwo-kpmg-wskazuje-na-kluczowa-role-branzowych-kodeksow-postepowania-48313