So Far, GDPR Compliance is Uneven

Compliance with new European data privacy regulations was spotty in the first three months after the rules took effect at the end of May, with an estimated 70 percent of global companies failing to comply with requests for personal data within the required one-month time period.

According to a survey released this week by cloud data integration specialist Talend, compliance with the EU’s General Data Protection Regulation (GDPR) was actually higher outside Europe. This, the survey concludes, “suggest[s] that businesses outside of Europe are taking a slightly more proactive approach to GDPR.”

Retailers were found to be the worst scofflaws, with 76 percent failing to respond to individual requests for private data within 30 days. The financial sector performed better, but only about half managed to respond to data requests within one month.

The overall average response time was 21 days. Streaming services, mobile banking and other technology vendors made up the 22 percent of companies surveyed that responded within the GDPR time limit, “suggesting that digital service companies are more agile when it comes to GDPR compliance,” Talend (NASDAQ: TLND) reported.

The survey found that 65 percent of GDPR-compliant companies required more than 10 days to respond to consumer request for personal data.

Penny Jones, research director at 451 Research, said most companies understand “the importance of GDPR, [but] many are still not taking their data seriously in terms of the technologies and processes they have in place.

“As a result, many businesses are falling short of their GDPR obligations,” Jones added. “They can lack the proper methods for storing, organizing or retrieving data in line with the regulation’s requirements.”

“Businesses must ensure that data is consolidated and stored in a transparent and shareable way,” noted Jean-Michel Franco, Talend’s senior director for data governance. “GDPR’s one-month time limit should be viewed as an absolute deadline rather than a target,” Franco continued. “Our research shows that it is possible for some brands to respond within a day, suggesting that these brands understand fast response times will help boost customer trust.”

Talend, Redwood City, Calif., said it polled 103 “GDPR-relevant” companies, including companies within the European Union or those outside the EU that conduct business in Europe. Along with retail, media and technology, industry sectors represented in the survey included telecommunications, finance and travel.

In a guest column published by Datanami, Navneet Mathur, senior director of global solutions at Neo4j, also described the ongoing struggle to comply with GDPR requirements. “The 14 largest companies in the world, including Facebook, are still not GDPR compliant,” Mathur noted. “Consumers still cannot obtain access to all the data that companies have on them, leading to the consequences like Facebook losing approximately one million European monthly active users.”

Recent items:

We’re Months in GDPR. So, What’s Next?

The Enlightening Side of GDPR Compliance