Survey finds GDPR compliance rates remain low

Second survey checks in on how companies are meeting their data protection obligations and finds improvements, but more work to be done

Some 18 months after the General Data Protection Regulation (GDPR) came into effect compliance has improved, but remains low, according to a survey by cloud data integration and data integrity outfit, Talend.

Of the businesses surveyed worldwide, just over half (58 per cent) report not being able to meet their data access and portability requests within the GDPR-specified one-month time limit. The number has improved from the first survey in September 2018, which found 70 per cent of companies surveyed reported they had failed to provide an individual's data within one month.

In this updated survey, one year after it was first conducted, Talend asked a new population of companies, as well as companies that reported a failure to comply in the first benchmark, in order to map improvement. With new regulations on the way around the world, the firm argued companies need a process to overhaul data security provisions. These include data protection regulations coming into force in the US (California Consumer Privacy Act in January 2020), across APAC (PDPA in Thailand in May 2020), and in Latin America (LGPD in Brazil in August 2020).

According to the survey, public sector organisations and companies in media and telecommunications industries are struggling to meet the requests, with just 29 per cent of public sector organisations and only 32 per cent media and telecommunications industries surveyed able to provide the data within the one-month limit. Retail, financial services, travel, transport and hospitality firms are barely reach an average success rate, with 46 per cent of companies reporting they provided correct responses within the one-month limit.

Talend said organisations need to start a data governance transformation to deliver a 360-degree view of customers and empower the people in charge of data protection with more automated data processing and delivery

“To fully comply with GDPR, it is necessary to understand where the data is, how it is processed and by whom, as well as ensure that the data is trusted,” said Talend senior director of data governance products, Jean-Michel Franco.

The research involved 103 GDPR-relevant companies across the globe: EU-based companies, 84 per cent, NORAM-based companies, 8 per cent and APAC-based companies, 8 per cent which conduct business in Europe from a range of industries including retail, media, technology, utilities and telecommunications, public sector, finance, and travel, transportation and hospitality.

It assessed whether companies had updated privacy policies to account for GDPR; researching whether companies had dedicated ways for consumers to request GDPR data; requesting GDPR data and assessing how quickly and thoroughly companies comply; and requesting GDPR data in a way that may be directly accessed and reused by the individual (data portability).

Franco said organisations must do more to regain the trust of their data subjects.

“They risk very significant fines and significant reputational damage in the event of non-compliance and especially through class actions – both of which could prove to be severely detrimental to a business," he said.

Follow CMO on Twitter: @CMOAustralia, take part in the CMO conversation on LinkedIn: CMO ANZ, follow our regular updates via CMO Australia's Linkedin company page, or join us on Facebook: https://www.facebook.com/CMOAustralia.  

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Show Comments

Latest Videos

More Videos

Algorithms that can make sense of unstructured data is the future. It's great to see experts in the field getting together to discuss AI.

Sumit Takim

In pictures: Harnessing AI for customer engagement - CMO roundtable Melbourne

Read more

Real digital transformation requires reshaping the way the business create value for customers. Achieving this requires that organization...

ravi H

10 lessons Telstra has learnt through its T22 transformation

Read more

thanks

Lillian Juliet

How Winedirect has lifted customer recency, frequency and value with a digital overhaul

Read more

Having an effective Point of Sale system implemented in your retail store can streamline the transactions and data management activities....

Sheetal Kamble

​Jurlique’s move to mobile POS set to enhance customer experience

Read more

I too am regularly surprised at how little care a large swathe of consumers take over the sharing and use of their personal data. As a m...

Catherine Stenson

Have customers really changed? - Marketing edge - CMO Australia

Read more

Blog Posts

Brand storytelling lessons from Singapore’s iconic Fullerton hotel

In early 2020, I had the pleasure of staying at the newly opened Fullerton Hotel in Sydney. It was on this trip I first became aware of the Fullerton’s commitment to brand storytelling.

Gabrielle Dolan

Business storytelling leader

You’re doing it wrong: Emotion doesn’t mean emotional

If you’ve been around advertising long enough, you’ve probably seen (or written) a slide which says: “They won’t remember what you say, they’ll remember how you made them feel.” But it’s wrong. Our understanding of how emotion is used in advertising has been ill informed and poorly applied.

Zac Martin

Senior planner, Ogilvy Melbourne

Why does brand execution often kill creativity?

The launch of a new brand, or indeed a rebrand, is a transformation to be greeted with fanfare. So why is it that once the brand has launched, the brand execution phase can also be the moment at which you kill its creativity?

Rich Curtis

CEO, FutureBrand A/NZ

Sign in