Business are failing — big-time — to comply with some aspects of GDPR, according to a new study from Talend.
For instance, 70% have not addressed requests by individuals for
copies of their personal data within the required one-month time limit.
Talend made personal data requests of 103 companies. It reports that 22% fulfilled them in the time frame, but does not
specify what the remaining 8% did.
Of the European companies contacted, 35% provided such data on time. Non-European organizations did better, with 50% complying.
Retailers had
the worst record, with a 76% non-compliance rate on data requests. But 50% of financial services firms fulfilled the obligation.
Of those that responded to data requests, 65% replied within
ten days. But the average time was 21 days.
However, streaming services, mobile banking and technology firms replied within one day.
“Businesses must ensure that data is
consolidated and stored in a transparent and shareable way,” states Jean-Michel Franco, Senior Director of Data Governance Products at Talend.
Franco adds that “GDPR’s
one-month time limit should be viewed as an absolute deadline rather than a target.”
Talend’s research shows that it is possible for some brands to respond within a day, suggesting
that these brands understand fast response times will help boost customer trust,” Franco continues.
Talend, a provider of cloud integration services, sought data on compliance with GDPR
Article 15 (“Right of access by the data subject”) and Article 20 (“Right to data portability”) requests.