Four in 10 businesses fail GDPR tests, study reveals

Just 4 in 10 businesses are fully compliant with new European data protection rules, a major study has revealed.

The research, published by cloud data experts Talend, shows that despite the General Data Protection Regulation (GDPR) coming into force over a year ago, businesses are still failing to follow legal protocol.

Under GDPR, businesses are required to take steps to protect the privacy and security of consumer data, with a focus on transparency, consent and cybersecurity.

Failure to follow the new rules can result in significant fines – up to 20 million euros or four per cent of annual global turnover, whichever is highest.

According to the report, some 58 per cent of surveyed businesses “failed to address requests” made from individuals seeking to obtain a copy of their personal data as required by GDPR within the one-month time limit set out in the regulation.

This is compared to 70 per cent of surveyed businesses who failed the same test in September 2018, meaning awareness of the new rules is still worryingly low.

Despite minor improvements in the private sector, compliance within public sector organisations continues to lag. According to the figures, just three in 10 (29 per cent) of organisations, such as hospital trusts and local authorities, could provide the data within the one-month limit.

By comparison, the travel, transport and hospitality industries are considered the “best performers”, with 38 per cent of organisations providing data in less than 16 days.

Commenting on the report, David Scott of Hethertons solicitors, said: “These new results show clearly that Data Subject Access Rights is still not being recognised by of most organizations.

“To fully comply with GDPR it is necessary to understand the basic principles of the legislation.  You should know where the data is, ensure it is up-to-date, how it is processed, by whom and for what purpose.

“When you receive a Data Subkect Access Request you should know what to do and remember that not all data has to be disclosed when requested.”

If you require help or guidance with data protection, contact Hethertons employment team today on 01904 528200.