Businesses struggling with GDPR compliance

Deloitte’s latest global survey has outlined some concerning statistics regarding how efficiently businesses are handling GDPR compliance.

According to a recent survey conducted by Deloitte, only 30% of organisations are responding to customer requests regarding their personal data within the GDPR timeframe.

What is GDPR?

The General Data Protection Regulation (GDPR) came into effect in May of this year. A measure put in place to modernise previous data protection directives from the 1990s, GDPR aims to keep pace with rapid technological changes when it comes to protecting customer information. Furthermore, GDPR was implemented to set in place a more consistent set of guidelines across Europe.

Although GDPR regulations have been more effectively applied to technological advancements, it took more than four years of negotiation and discussion before GDPR guidelines were decided upon. This highlights how, even though steps have been taken, uptake is still too slow when compared to the innovation of the technology sector, and the potential misuse and monopolisation of data.

Each European country had the option to alter the laws slightly according to their own jurisdictions. In the UK, the Data Protection Act 2018 was initially greeted with some controversy, since guidelines were amended in this country to protect cyber-security researchers.

These guidelines protect consumers by making it easier for them to see what data a company has access to, as well as introducing steeper fines for organisations that go against the regulations. This is overseen and implemented by the Information Commissioner’s Office (ICO). Companies must inform the ICO no later than 72 hours after any form of breach of data they have stored occurs.

Businesses were allowed from May 2016 to May 2018 to prepare for and implement new GDPR measures, and so the question remains: why are businesses not fully adhering to the GDPR timeframe?

Is it the Brexit effect?

Post-Brexit changes should not have an overwhelming effect on GDPR guidelines. This is largely due to the contingencies each individual European country has been allowed to make so that the laws work most effectively.

The two years businesses were given to fully prepare for GDPR meant that they had the time to source other effective ways to gather the relevant information they need to conduct business, without breaching a customer’s right to privacy.

One data breach story that made the headlines was Facebook’s admission that 50 million ‘access tokens’ for accounts had been taken by unknown hackers. This is the kind of eventuality that GDPR hopes to reduce through the introduction of stricter measures and hefty fines.

Survey conducted by Deloitte

“Six months in, what is clear is that some organisations are still grappling with the implementation of their GDPR compliance,” said Peter Gooch, cyber risk partner at Deloitte.

Deloitte has stated that in the six months GDPR has been in effect, more than two-thirds of organisations who took part in their global survey (consisting of answers supplied by 1,100 organisations) have been responding to customer data requests late.

Gooch continued: “Given the complexities of such programmes and increased consumer awareness of such requests, we would expect some bedding-in time. However, our research found that a fifth of organisations only aimed for bare minimum compliance back in May, which may be indicative of the delays some customers are currently experiencing.”

The GDPR timeframe for handling data requests submitted by the consumer (for example, the option to opt out of direct marketing or to erase their details from company systems) is one month. Although statistics for the fulfilment of this are low, it is an improvement on previous measures.

“That said, 33% of organisations surveyed continue to invest in their privacy practices, including in technology and talent,” said Gooch. “Since May, 70% of organisations surveyed have seen an increase in staff who are either partly or fully focused on GDPR compliance. For many, this included the recruitment of a dedicated Data Protection Officer (DPO). Of the countries surveyed, the UK leads in this respect, with 92% of respondents assigning a DPO.”

With DPOs now being assigned role-specific responsibilities to handle GDPR guidelines, the number of businesses that are handling data requests in a timely manner should increase.

Gooch concluded: “Overall, organisations are taking the right steps in continuing their GDPR implementation and the majority (92%) felt confident in demonstrating their ability to conform in the long-term. In the immediate term, though, many will need to address today’s pressure to respond to data requests. This is particularly the case as online tools, enabling consumers to make mass data requests, increase in popularity.

“Those that are currently responding with some delay will need to take a more customer-centric approach, not only to meet the existing volume, but also the influx of requests their tools could create.” 
