RGPD and how it has affected the companies
All companies have seen how the RGPD has become something to be taken into account in their decisions, however, in practice the situation is different due to the following factors:
1.- Digital information involves more than ever the companies in terms of data management
2.- Some of the problems generated by the RGPD are the general ignorance of the regulations and the complete absence of automation mechanisms.
The leading company in cloud-based data integration Talend stated in 2019 that 60% of companies do not offer such data to their customers when they request it, despite the fact that these have one month of term extendable by two more months if necessary taking into account the complexity and the number of requests, always explaining the reasons in case the request is not met or informing the reason for the extension
Similarly, the AEPD (Spanish Data Protection Agency) notes that in Spanish territory only 34% of SMEs comply with the rights that allow users to access, rectify, cancel and oppose shared data.
These are an example of data that show that, after two years since the rule’s exit, it is still not fully applied, which means that companies face fines that reach 20 million euros or 4% of their annual turnover.
Why hasn’t the RGPD been successfully implemented in all shops?
These are some of the reasons why many companies have not yet responded adequately:
1.- Automation, the great weakness of many companies
There is no denying that the Internet has changed the rules of the game in terms of data and data processing. In the same way, many companies have not been able to adapt to these changes due to the lack of automation:
- The fact that the data is now virtual, so there is an absence of a physical view of it as well as the property of it is not defined.
- Despite the fact that the data are virtual, the processing of these remains manual.
- Applications for the rights of the person concerned (SHR) are still too expensive to process. One study revealed that companies spend around $1,400 per SRH
2.- General lack of knowledge on both sides, worker and employer
Another study carried out by the AEPD reveals that SMEs are in the following situation:
- Knowledge of the regulations only reaches 63%.
- The obligation to draw up a register of activities is only met by 60%.
- Only 59% are aware of the processing obligations
However, on the workers’ side, more than 30% of the workers do not know the protocol for handling their personal data, and 50% do not know what a Data Protection Officer is, which shows that many companies do not communicate their functions or do not have one.
The websites of EU companies that meet the minimum requirements do not even reach 12%, and it is difficult for the user to reject them, either because there is no method to “reject all cookies” or because the option to “accept cookies” does not send a window.
Thanks to these practices, the user, even if he does not want to, is forced to accept the cookies
If you want to read more about the RGPD, you can do it here.