GDPR Compliance Rate Remains Low According to New Talend Research
REDWOOD CITY, Calif.,
"These new results show clearly that Data Subject Access Rights is still the Achilles' heel of most organizations," said Jean-Michel Franco, Senior Director of Data Governance Products at Talend. "To fully comply with GDPR it is necessary to understand where the data is, how it is processed and by whom, as well as ensure that the data is trusted. With several data protection regulations coming into force in the US (California Consumer Privacy Act in
Major findings of the research benchmark include:
The "Laggards": Public sector organizations and companies in media and telecommunications industries are struggling to meet the requests
The research revealed that only 29% of the public sector organizations surveyed could provide the data within the one-month limit. With an increasing use of data and new technologies - facial recognition, artificial intelligence - by the public sector to improve the citizen experience, the need for more integrated data governance is a must-have for 2020 and beyond. The same observation applies to companies in the media and telecommunications industries; only 32% of these organizations reported that they could provide the correct data on time.
The "Could Do Better": Retail, financial services, travel, transport and hospitality firms barely reach an average success rate
Compared to last year, retail companies improved their success rate with 46% of such companies reporting they provided correct responses within the one-month limit. A greater proportion of companies in this industry started to take a customer-centric approach to both improve the experience and internal processes. The same situation occurs with organizations in finance as well as in travel, transport, and hospitality industries. In addition, the latter are considered as the best performers as companies in that industry represent 38% of all the organizations who provided data in less than 16 days.
The lack of automation remains a barrier to success
One take-away from this new benchmark is the lack of automation in processing requests. One of the main reasons companies failed to comply was the lack of a consolidated view of data and clear internal ownership over pieces of data. In the financial services industry, for example, clients may have multiple contracts with a company that may not be located in one place making it difficult to retrieve all necessary information. Processing the requests thus remains very manual and often Involves the business users, e.g. the insurance representatives in the case of an insurance company. In addition, processing Subject Right Requests can be very costly; according to a recent Gartner survey, companies "spend, on average, more than
ID proof and requesting process should be improved
The research also highlights the lack of an ID check during the data request process of the individual requesting data. Overall, only 20% of the organizations surveyed asked for proof of identification. Moreover, of the companies surveyed that reported asking for proof of identification, very few use an online and secure way of sharing ID documents. Instead, most of the time, copies of identification were provided by email. The requesting process also remains cumbersome with reported difficulties including finding the right email address to send the request, and follow up emails because the data is incomplete or because the files can't be opened.
The full results of the benchmark will be presented by Jean-Michel Franco at the
About the Research
Talend conducted market research to assess companies’ ability to comply with the new GDPR regulation. The research involved 103 GDPR-relevant companies across the globe (EU-based companies [84%], and NORAM-based companies [8%] and APAC-based companies [8%] that conduct business in Europe) from a range of industries (retail, media, technology, utilities & telecommunications, public sector, finance, and travel, transportation & hospitality).
The analysis involved the following:
- Assessing whether companies had updated their privacy policies to account for GDPR
- Researching whether companies had dedicated ways for consumers to request GDPR data (i.e., the personal information the company has on them)
- Requesting GDPR data and assessing how quickly and thoroughly companies comply
- Requesting GDPR data in a way that may be directly accessed and reused by the individual (data portability)
Talend (NASDAQ: TLND), a leader in cloud data integration and data integrity, enables companies to transform by delivering trusted data at the speed of business.
Talend Data Fabric offers a single suite of apps that shortens the time to trusted data by solving some of the most complex aspects of the data value chain. Users can collect data across systems, govern it to ensure proper use, transform it to new formats and improve quality, and share it with internal and external stakeholders.
Over 3,500 organizations across the globe choose Talend to rely on trusted data to make business decisions with confidence. Talend has been recognized as a leader in its field by leading analyst firms and industry publications including Forbes, InfoWorld and SD Times.
1 Gartner: 5 Areas Where AI Will Turbocharge Privacy Readiness, Bart Willemsen,
Lexus Kantz Talend firstname.lastname@example.org