Most European companies failing to meet GDPR obligations

Credit: ID 104185554 © Tanaonte |

European companies are struggling to meet their obligations to provide citizens with their personal data as required by new general data protection regulation (GDPR) rules, a survey of the legislation’s first full quarter of operation has revealed.

Fully 70 percent of businesses could not address individuals’ requests to provide a copy of their personal data – a core tenet of GDPR that is encapsulated within Articles 15 and 20 – data integration provider Talend reported after an audit of 103 companies’ performance.

Retail providers were the least able to respond to GDPR enquiries, with 76 percent of such firms unable to meet their obligations. Half of financial-services companies were equally unable to respond – suggesting to some that businesses with offline and legacy systems were struggling to comply with GDPR.

The reasons for the non-compliance varied, but Penny Jones, research director with 451 Research, said that reviews had found that “while many organisations understand the importance of GDPR, many are still not taking their data seriously in terms of the technologies and processes they have in place… [and] can lack the proper methods for storing, organising or retrieving data in line with the regulation’s requirements.”

Even amongst those that could respond, 65 percent took over ten days to respond and the average time taken was 21 days.