Situation after four years of GDPR: only one in seven companies respects their ‘right of inspection’ – ICT news

The GDPR law will turn exactly four years old this Wednesday, May 25th. But can you really know what data companies keep about you? This is not really the case, according to a survey conducted by MultiMinds among around seventy companies, of which only 14% grant timely and correct access to their personal data.

The General Data Protection Regulation (GDPR), namely the General Data Protection Regulation, is a privacy law, intended to better protect the data of European citizens. This law stipulates, in particular, that individuals have the right to require companies to erase their data if it is no longer necessary for the purpose for which it was collected.

A quarter of companies simply say no

But whether supermarkets, telecom operators or banks, a recent survey shows that, in practice, few companies respond favorably to the ‘right of scrutiny’ under European rules. “Even four years after the introduction of GDPR, unfortunately there are still many problems,” concludes Siegert Dierickx, co-founder of MultiMinds. “Companies do not react within the deadline or only give incomplete responses to requests for information on personal data. It is mainly companies that use an automated process that comply with the rules”.

Of the 118 requests submitted to 69 companies active in Belgium, 67 percent of them responded to the request within the legal period of one month. Nearly 9% react too late and no less than one in four companies do not react. What is even more concerning is the quality of the responses: in four of the five cases, data is not provided or is incomplete.

‘A disappointing result,’ says Dierickx. “At first glance, many companies appear to comply with the law through mandatory pages on their website. In practice, however, we see that it is mainly companies with a clear process and an automated data management system that really manage to comply with the rules.’

Manual intermediate steps

Throughout the survey, only 14% of companies were able to provide personal data in a timely and complete manner. Unfortunately, in organizations where response time, data quality, and customer experience depend on manual intermediate steps and human intervention, things still often go wrong.

The survey was conducted from February to April 2022. The consultations covered four basic questions: (1) What information do you have about me? (2) How do you use them? (3) Who do you share them with? (4) Where does this data come from? Requests were then reviewed by data analytics specialist MultiMinds against predefined parameters in the request process, response time and response integrity.

The General Data Protection Regulation (GDPR), namely the General Data Protection Regulation, is a privacy law, intended to better protect the data of European citizens. This law stipulates, in particular, that individuals have the right to require companies to erase their data if they are no longer needed for the purpose for which they were collected. that, in practice, few companies respond favorably to the ‘right of scrutiny’ under European rules. “Even four years after the introduction of GDPR, unfortunately there are still many problems,” concludes Siegert Dierickx, co-founder of MultiMinds. “Companies do not react within the deadline or only give incomplete responses to requests for information on personal data. It is mainly companies that use an automated process that comply with the rules. Of the 118 requests submitted to 69 companies active in Belgium, it appears that 67 percent of them respond to the request within the legal period of one month. Nearly 9% react too late and no less than one in four companies do not react. What is even more worrying is the quality of the responses: in four out of five cases, the data is not provided at all or incompletely. ‘A disappointing result,’ says Dierickx. “At first glance, many companies appear to comply with the law through mandatory pages on their website. In practice, however, we see that it is mainly companies with a clear process and an automated data management system that are able to really comply with the rules, provide personal data in a timely and complete manner. In organizations where response time, data quality, and customer experience all rely on manual intermediate steps and human intervention, unfortunately, things still often go wrong. The survey was conducted from February to April 2022. The queries addressed four basic questions: (1) What information do you have about me? (2) How do you use them? (3) Who do you share them with? (4) Where does this data come from? Requests were then reviewed by data analytics specialist MultiMinds against predefined parameters in the request process, response time and response integrity.

Leave a Comment