Two major events, with respect to GDPR, have been revealed in the last 72 hours as Talend unveils the results of new research showing how companies are still failing to comply with some provisions of the GDPR.
The first was a wave of GDPR complaints against tech giants – including Netflix, YouTube, Amazon, Apple and Spotify – all of whom were publicly accused of breaching Article 15 of GDPR, after failing to respond to 10 private citizens’ data requests.
The second is that the first major GDPR fine was been imposed on Google yesterday by the French data regulator.
According to the new Talend research, it appears that the tech giants aren’t the only ones violating the new data regulation. New figures show that 74% of UK organisations failed to address requests from individuals seeking to obtain a copy of their personal data within the one-month time limit required by the GDPR.
The data also reveals that there was only a 17% compliance rate in the companies polled, with the final 9% of companies split with delayed or incomplete responses.
Jean-Michel Franco, senior director of data governance products at Talend, commented:
“The world has been on tenterhooks waiting for the first major fine to be enforced for a breach of the GDPR – and this week they got what they were waiting for.
“Along with the latest GDPR violations and a large fine for Google in France, our research reveals that 74% of UK organisations are failing to respond to personal data requests. It’s clear that, when it comes to GDPR, Data Subject Access Rights is the Achilles‘ heel of most organisations.
“Despite it being very easy for anyone to check, most organisations don’t comply. There is a great deal of work to do in this area. A delay, or complete lack of a response, will only continue to damage free-falling consumer trust in how organisations store and organise their data.
“The good news is, it is possible to fix this embarrassing issue. An organisation would need a data hub, with a data catalogue in the background and API services in the front end
“Consumers are now feeling more empowered to put companies and regulators under pressure to ensure that their rights are respected, whether through individual complaints or group action, as we’ve seen recently with a huge spike in reports to the ICO (up by 160%) and class action by 45,000 European citizens driven by three associations including Privacy International.
“As 2019 gets into full swing, businesses must ask themselves if they are complying with the full extent of the GDPR provisions. The added pressures of Brexit and data sovereignty issues add extra elements of concern to an already complex data landscape.
“Businesses must do more to regain the trust of their data subjects and be aware that they risk very significant fines and further reputational damage in the event of non-compliance – both of which could prove potentially fatal to businesses.”
*The research is based on personal data requests made to 23 companies based or operating in the UK across multiple industries.”
Be the first to comment