Skip to main content
close search
site logo
Dive Brief

58% of companies fail to meet GDPR's data request deadlines

Published Dec. 4, 2019
Samantha Schwartz's headshot
Samantha Schwartz Reporter
Matthew Henry for Unsplash

Dive Brief:

  • More than half of "GDPR-relevant companies," (General Data Protection Regulation) 58%, failed to address data requests within the designated one-month timeframe, according to research from Talend. By comparison, last year 70% of companies didn't meet requests on time. 
  • The average cost of a single data subject access request (DSAR) is $1,400, said the report, citing Gartner. The public sector, followed by media, telecommunications and utilities are the laggards of GDPR compliance. 
  • Companies can fail compliance when they lack a data privacy officer (DPO), have an inability to locate data or deleted data, and are overwhelmed. More than one-fifth of companies will rely on extensions allowed under article 12.3 of GDPR to provide all the requested data. The article states, in part, the period may be extended by two months "where necessary, taking into account the complexity and number of the requests."

Dive Insight:

GDPR got its teeth this year. Companies, including Google, British Airways and Marriott International, were handed record fines for intentional or negligent misuse of data. 

Early in its enactment, GDPR fines were levied largely against big tech for data broking, but this summer British Airways and Marriott International reframed the cost of a data breach. Because GDPR is a comprehensive law, any violation of data privacy could result in a fine, regardless of the industry, the data, or how the data was mishandled. 

Samantha Schwartz/CIO Dive, data from Talend
 

The majority of companies, 80%, said GDPR implementation was more difficult than other data privacy or security requirements, according to a Ponemon Institute and McDermott Will & Emery report. Implementation was challenging because regulations fail to articulate what appropriate security standards are. Contacting regulators for guidance has also had difficulties.  

Talend found that a lack of data control or visibility contributed to slower processing times and upticks in extensions, which could contribute to the risk of a breach. Organizations put privacy compliance on their security organization because DPOs don't operate in a vacuum. Infosec teams are often the right-hand men and women of the DPO. 

Smaller organizations, without a DPO, will rely on the security chief for privacy compliance. 

When companies struggle with tracking personal data or securing a request on time, it's because they don't have effective change management in place, according to Talend. So-called off-label solutions can moonlight as data privacy tools, including information rights management, and security and risk management.

Recommended Reading

Filed Under: IT Strategy, Security

Editors' picks

Company Announcements

View all | Post a press release
Celonis AgentC: Making AI Agents Work for the Enterprise with Process Intelligence
From Celonis
October 23, 2024
Tech Ambitions Collide with Reality: 2025 Technology Impact Report Exposes Critical Readiness…
From Omnia Strategy Group, LLC
October 21, 2024
DigiCert Welcomes Lakshmi Hanspal as New Chief Trust Officer
From DigiCert
October 24, 2024
Cloudbeds unveils industry’s first ‘smart hospitality engine’, powered by causal and multimoda…
From Cloudbeds
October 23, 2024
Editors' picks
Latest in IT Strategy
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell