Tech giants including Google, Amazon and Apple have been publicly accused of breaching GDPR after failing to respond to 10 private citizens with basic information but no research from Talend has revealed that they aren’t the only ones violating the EU’s data protection rules.
The firm’s latest research, based on personal data requests made to 23 companies based or operating in the UK across multiple industries, shows that 74 per cent of UK organisations failed to address requests from individuals seeking to obtain a copy of their personal data within the one-month time limit required by GDPR.
Talend’s data also revealed that there was only a 17 per cent compliance rate among the companies it polled with the last nine per cent of companies split with either delayed or incomplete responses.
GDPR went into effect on May 25th 2018 and experts are predicting a growing emphasis on compliance with the regulation in 2018 particularly regarding improving data processes within organisations.
Under pressure to comply
According to Talend’s Senior Director of Data Governance Jean Michel Franco, companies that give users a delayed or complete lack of a response to their requests for information risk damaging consumer trust in how they store and organise their data.
Franco explained how consumers are becoming more empowered when dealing with the companies that have their data and how business must work to regain consumer trust, saying:
“What’s more, the world is on tenterhooks waiting for the first major fine to be enforced for a breach of the GDPR. After all, consumers are now feeling more empowered to put companies and regulators under pressure to ensure that their rights are respected, whether through individual complaints or group action, as we’ve seen recently with a huge spike in reports to the ICO (up by 160%) and class action by 45,000 European citizens driven by three associations including Privacy International.
“As 2019 gets into full swing, businesses must ask themselves if they are complying with the full extent of the GDPR provisions. The added pressures of Brexit and data sovereignty issues add additional elements of concern to an already complex data landscape. Businesses must do more to regain the trust of their data subjects and be aware that they risk very significant fines and further reputational damage in the event of non-compliance – both of which could prove potentially fatal to businesses.”