
UK firms still aren't compliant with GDPR

(Image credit: Shutterstock/Wright Studio)

A year since GDPR came into effect, businesses in the UK are still struggling to handle customer requests, according to a new report.

Research from Macro 4 evaluated 37 businesses, mostly financial service organisations, utilities companies and telecommunications businesses.

A third were not compliant, with most of them breaching GDPR in the same ways. The main challenges for businesses, when they are approached by customers exercising their right to access personal information stored on them, are to respond in due time and to do so without breaching anyone else’s privacy. The GDPR says businesses need to comply with these requests within 30 days, and many companies fail to comply even after 40 days.

In other instances, this personal data included information on another person, consequently breaching that person’s right to privacy. Other challenges included systems or process failures, as well as providing information in an unreadable electronic format. Sometimes, businesses come back with incomplete data, as well.

“The overall picture painted by the study is that even after a year, many businesses – including some major global brands – still do not have efficient systems in place to manage GDPR information requests from their customers,” said Lynda Kershaw of Macro 4.

“In many cases the customer service agents we spoke to did not immediately understand what they were being asked for, or how to respond. Nearly half of the businesses came back to the customer with multiple follow-up queries for more information or clarification before they could process the information request – and three organizations came back more than three times.”
