European companies are struggling to meet their obligations to provide citizens with their personal data as required by the new General Data Protection Regulation (GDPR) rules, a survey of the legislation’s first full quarter of operation has revealed.
Fully 70 percent of businesses could not address individuals’ requests to provide a copy of their personal data – a core tenet of GDPR that is encapsulated within Articles 15 and 20 – data integration provider Talend reported after an audit of 103 companies’ performance.
Retail providers were the least able to respond to GDPR enquiries, with 76 percent of such firms unable to meet their obligations. Half of financial-services companies were equally unable to respond – suggesting to some that businesses with offline and legacy systems were struggling to comply with GDPR.
The reasons for the non-compliance varied, but Penny Jones, research director with 451 Research, said that reviews had found that “while many organisations understand the importance of GDPR, many are still not taking their data seriously in terms of the technologies and processes they have in place… [and] can lack the proper methods for storing, organising or retrieving data in line with the regulation’s requirements.”
Even amongst those that could respond, 65 percent took over ten days to do so, and the average time taken was 21 days.
Interestingly, companies without legacy data stores – typically, streaming services, mobile banking, and technology businesses – were frequently able to reply within just one day, “suggesting that digital service companies are more agile when it comes to GDPR compliance.”
The failure to comply is a warning for Australian companies, which will increasingly be subject to similar requirements under Consumer Data Right (CDR) legislation that will first be introduced in the banking sector in 2019 as Open Banking.
For companies struggling to engender a full appreciation of the importance of the GDPR legislation within their ranks, Talend senior director of data governance products Jean-Michel Franco noted that “GDPR presents an opportunity to engage with customers and build loyalty.”
“It’s vital for businesses in the digital era to have a 360-degree view of customers,” he added. “Our research shows that it is possible for some brands to respond within a day, suggesting that these brands understand fast response times will help boost customer trust.”
Yet consumer trust may take more to earn than a quick response to GDPR requests. A recent Ipsos MORI survey of UK consumers found that most citizens are fiercely protective of their data, with just 21 percent of respondents willing to sign up for open-banking platforms.
Banks have also been flagged as wary of open banking, with concerns that it will result in their intellectual property being taken from them.
Australian companies have a long history of struggling with the spirit and the letter of privacy laws, with one March survey by Webroot suggesting that just 13 percent of Australian companies were prepared for GDPR.
At that point, just 24 percent of Australian companies had trained their staff about GDPR compliance, while a Gartner analysis suggested just half of companies would be compliant with the legislation by year’s end.