Business are failing — big-time — to comply with some aspects of GDPR, according to a new study from Talend.
For instance, 70% have not addressed requests by individuals for copies of their personal data within the required one-month time limit.
Talend made personal data requests of 103 companies. It reports that 22% fulfilled them in the time frame, but does not specify what the remaining 8% did.
Of the European companies contacted, 35% provided such data on time. Non-European organizations did better, with 50% complying.
Retailers had the worst record, with a 76% non-compliance rate on data requests. But 50% of financial services firms fulfilled the obligation.
Of those that responded to data requests, 65% replied within ten days. But the average time was 21 days.
However, streaming services, mobile banking and technology firms replied within one day.
“Businesses must ensure that data is consolidated and stored in a transparent and shareable way,” states Jean-Michel Franco, Senior Director of Data Governance Products at Talend.
Franco adds that “GDPR’s one-month time limit should be viewed as an absolute deadline rather than a target.”
Talend’s research shows that it is possible for some brands to respond within a day, suggesting that these brands understand fast response times will help boost customer trust,” Franco continues.
Talend, a provider of cloud integration services, sought data on compliance with GDPR Article 15 (“Right of access by the data subject”) and Article 20 (“Right to data portability”) requests.