UK Firms Struggling To Satisfy GDPR Data Access Requests

Businesses in Britain have failed to adequately prepare for the consequences of GDPR as the majority struggle to satisfy the number of data access requests that have been made.

Two thirds (63%) of UK businesses have noticed a significant rise in the number of data access requests since GDPR was introduced according to a report by Parseq.

Worryingly, 87% of UK organisations have struggled to respond without causing backlogs, delays and the threat of GDPR related fines.

Additionally, a new study from auditing firm RSM has found that 30% of European businesses admit they are still not compliant with GDPR and only 57% feel as though they are regularly complying with the regulations.

13% of businesses are unsure if their approaches are compliant with GDPR. To a large extent, this confusion is caused by a lack of understanding of GDPR. 38% of businesses failing to comply do not understand when consent is required to hold and process data.

35% of European firms are confused about how to monitor and hold employee personal data and 34% struggle to legally ensure third-party supplier contracts are compliant.

Despite the difficulties, almost three quarters of European businesses feel as though GDPR has improved the way customer data is managed and 62% have increased their cyber security budget as a consequence.

Craig Naylor-Smith, Managing Director, Parseq, said:

“GDPR made it easier for people to access their personal data from organisations. With this power at their fingertips, we expected to see that data access requests would rise.

“However, the fact that so many firms have struggled to respond to the surge in requests suggests that the pressure this has put on businesses has been greater than they anticipated, or that many were simply unprepared for what GDPR would bring.

“It could also have been affected by the August 2019 deadline for consumers to claim back Payment Protection Insurance, with individuals possibly using data access requests to help them uncover information to support their claims.

“What’s particularly interesting to see is that so many businesses state a reliance on paper documentation as a barrier. The digitisation of paper documents can make personal information easier to process and manage, make data access requests easier to respond to and, ultimately, help businesses use data to deliver innovative services in an increasingly competitive, digital landscape.”

Steven Snaith, Technology Risk Assurance Partner at RSM UK, commented:

“With so much pressure on organisations to meet complex requirements, we saw GDPR fatigue setting in last year. Middle market businesses were overwhelmed by information from the press, industry bodies and stakeholders.

“Many organisations simply gave up and reverted back to the old way of doing things. But there are signs that this fatigue is about to fade. High-profile fines across Europe have demonstrated that regulators across the EU are serious about enforcement. Businesses are scrambling to catch up once again.”

Has your firm found it difficult to comply with GDPR? Should more guidance be offered on how firms can effectively comply with requests for personal data?