All companies have seen how the RGPD has become something to take into account in their decisions, however, in practice the situation is different due to the following factors:
- Digital information involves companies more than ever in terms of data management.
- Some of the problems generated by the RGPD are the general ignorance of the regulation and the complete absence of automation mechanisms.
How is the implementation of the RGPD in companies?
The leading company in cloud-based data integration Talend stated in 2019 that the 60% of the companies do not offer said data transferred to their clients when they request it, despite the fact that they have one month term extendable for two more months if necessary, taking into account the complexity and number of requests, always explaining the reasons in case the request is not met or informing the reason for the extension
Similarly, the AEPD (Spanish Agency for Data Protection) confirms that in Spanish territory only the 34% of SMEs complies with the rights that allow the user to access, rectify, cancel and oppose shared data.
These are an example of data that shows that, two years after the rule came out, it is still not fully applied, which means that companies are facing fines that reach 20 million euros or 4% of its annual turnover.
Why hasn't the RGPD been successfully implemented in all businesses?
Here are some of the reasons why many companies have not yet responded adequately:
1.- Automation, the great weakness of many companies
It cannot be denied that the Internet has changed the rules of the game in terms of data and its treatment. Similarly, many companies they have not been able to adapt to these changes due to the lack of automation. This is due to:
- The fact that now the data is virtual, so there is an absence of a physical view of it as well as the ownership of it is not defined.
- Although the data is virtual, the processing of these is still manual.
- Data Subject Rights (SSR) requests are still too expensive to process. A study revealed that companies spend about $1,400 for SSR
2.- General ignorance by both parties, worker and employer
Another study carried out by the AEPD reveals that SMEs are in the following situation:
- Knowledge of the regulation only reaches the 63%.
- The obligation to prepare a record of activities is only fulfilled by a 60%
- The treatment obligations are only known by the 59%
However, on the part of the workers, plus the 30% of the workers does not know the protocol to process your personal data, and the 50% do not know what a Data Protection Officer is, which shows that many companies do not communicate their functions or do not have one.
3.- The cookie policy
The websites of EU companies that meet the minimum requirements they don't even reach 12%In addition, it is difficult for the user to reject them, either because there is no method to "reject all cookies" or because the "accept cookies" option does not send to any window.
Thanks to these practices, the user, even if he does not want to, is forced to accept cookies.
If you want to read more about the GDPR, you can do so here.