Most organizations off to slow start at meeting GDPR requirements

Register now

A majority of organizations worldwide (70 percent) failed to address requests made from individuals seeking to obtain a copy of their personal data as required by the General Data Protection Regulation within the one-month time limit set out in the regulations, according to research from cloud integration technology company Talend.

The research is based on data requests made to 103 companies based or operating in Europe across a variety of industries between June 1 and September 3, 2018. Talend assessed responses to GDPR Article 15 (“Right of access by the data subject”) and Article 20 (“Right to data portability”) requests, monitoring areas including GDPR references in privacy policies, and the speed and completeness of responses.

“GDPR requires insight into company data and its governance,” said Penny Jones, research director at 451 Research. Recent research, including that done by Talend and separate reports by 451 Research, found that while many organizations understand the importance of GDPR, a large number are still not taking their data seriously in terms of the technologies and processes they have in place, Jones said.

As a result, many organizations are falling short of their GDPR obligations.

A majority of GDPR-compliant companies (65 percent) took more than 10 days to respond and the overall average response time was 21 days. For some, the response was much quicker.

Of those who responded within the time limit (22 percent of organizations), primarily streaming services, mobile banking, and technology businesses, replied within just one day. That suggests digital service companies are more agile when it comes to GDPR compliance, the report said.

For reprint and licensing requests for this article, click here.