Commentary

Why Not Comply? Most Firms Lag In GDPR Data Access, Study Shows

We are mere weeks away from the California Consumer Privacy Act taking effect. And that will be followed by the PDPA in Thailand in May and the LGPD in Brazil in August. Yet marketers have not yet learned to cope with the 18-month-old GDPR.

This is crucial for email marketers because many are governed by GDPR, or will be by CCPA and other new rules.

Worldwide, only 42% of organizations are fully compliant with the GDPR’s data access rule, according to a benchmark study released by Talend this week. That means 58% of entities are failing to meet the one-month requirement for addressing requests from consumers seeking a copy of their personal data.

That’s an improvement over 2018, when 70% were still not compliant. Still, it doesn’t say much for worldwide preparedness.

The worst laggards are public sector organizations — only 29% can provide the data within the one-month limit. Among commercial enterprises, media and telecom businesses are the worst, with only 32% that can comply.

But the leaders are in the travel, transport and hospitality sector — 38% provide data in less than 16 days.

And retail companies have improved their game — 46% now comply, although the rate could still be better. Financial firms also score well. 

There are many possible reasons for this failure. One is the lack of automation and of a consolidated view of data, Talend says.

For example, clients in the financial services sector may have multiple contracts with a company. With many locations, processing may often be manual.

And, it can be expensive — a recent Gartner survey found that firms spend an average of more than $1,400 to answer a single Subject Right request, Talend notes.

Among the sloppy practices is a failure to ask for proof of identification: only 20% do so. And many in that group fail to use a secure way to share ID documents, it adds.

"These new results show clearly that Data Subject Access Rights is still the Achilles' heel of most organizations," states Jean-Michel Franco, senior director of data governance products at Talend. 

Franco adds, "To fully comply with GDPR it is necessary to understand where the data is, how it is processed and by whom, as well as ensure that the data is trusted."

This study follows earlier research by Talend showing a split between management and practitioners about their 

On the management level, 52% are “very optimistic” about being prepared for privacy regulations. But only 39% of operational workers agree. 

Similarly, 43% of managers say their firm’s data is always accurate and up to date. But only 29% of data practitioners would concur. 

Talend, a cloud integration provider, surveyed 103 GDPR-relevant companies, 84% in the EU, 8% in NORAM and 8% in APAC.
