Are you making a meal of right to access requests?
A new study reveals that more than half of companies are failing to provide consumers with copies of their data within the one month time line following a right of access request. The research, which was conducted amongst organizations in the EU, US and Asia Pacific, also revealed that twenty per cent of organizations had provided inaccurate or incomplete data to their customers and over a third (38 per cent) failed to reply or were uncontactable.
Unsurprisingly European companies were found to be the most responsive, followed by US organizations. All of the organizations based in APAC that were contacted failed to respond at all.
The study revealed education to be the most responsive sector which had an 100 per cent response rate, but only half of those responses produced accurate data.
Financial services companies responded successfully in 47 per cent of cases, but produced incorrect data on 26 per cent of occasions and did not reply in 21 per cent of cases.
Retail organizations responded to almost half (46%) of requests, but supplied wrong data on 21 per cent of occasions. Retailers failed to reply to just under one-third (29%) of requests.
Transport, travel and hospitality companies came next, with correct and timely responses in 45 per cent of cases, and incorrect data supplied in just one in ten cases. However, some 40 per cent of requests resulted in no reply.
Interestingly, the public sector was the least responsive, with no reply recorded in 43 per cent of cases, while correct data was successfully returned 29 per cent of the time. In 29 per cent of cases, public sector bodies were uncontactable.
Media companies, telcos and utilities were nearly as bad, providing accurate data on only 32 per cent of occasions. In 26 per cent of cases, incorrect data was supplied and 37 per cent failed to reply at all.
GDPR has now been in force for over 18 months and right to access is proving to be one of the most actioned areas of GDPR by consumers. A study by Wilmington Millennium earlier this year revealed that 29 per cent of consumers in the UK had made a right to access request.
This shows that whilst it is the data breaches that are hitting the headlines and generating the big fines, it is in fact the more menial data management side of the regulation that needs attention. The key is for a compliant customer data platform which means responding to consumer requests for personal information becomes a process that can be implemented quickly and easily rather than becoming a huge chore which guzzles time and resource.