Some companies will spend more than 1250 hours per month meeting GDPR compliance
GDPR compliance: will companies be ready?
With the implementation of the GDPR on 25 May, all companies must comply with the requirements of the new European regulation, which is proving to be a real challenge for some companies and administrations. Between lack of time, lack of staff and lack of information, many organisations will not be ready by the deadline. According to the Senzing report, published in January 2018, 60% of companies believe they will not be ready for 25 May.
Indeed, compliance with the GDPR takes months of work: inventory, inventory of processing, new ways of operating in data management, etc. The significant workload and the lack of technology in this area are considerable handicaps for organisations. Also according to the Senzing study, the obligations of the GDPR would put more than 24% of European companies at risk of fines, which can be very high in cases of non-compliance.
The general case
Although large companies will receive the most requests to exercise their rights, the problem is common to all organisations, regardless of their size.
For example, on average, a company will receive 89 GDPR-related requests per month, for which data controllers will have to search 23 different databases. Spending just 5 minutes per database, responding to these queries would therefore take almost 10,235 minutes, or 172 hours each month: the equivalent of a full-time employee.
The case of large companies
What about large companies? The burden is heavier for organisations with more than 250 employees, which expect to receive more requests and also have more databases to query: more than 246 requests to exercise rights per month on average and more than 43 databases. At more than 7 minutes per database on average, this represents more than 75,500 minutes each month, or 60 hours of daily work, or 7.5 employees dedicated exclusively to this management.
Compliance with the GDPR on people’s rights is seen as a tough challenge, which may require a dedicated team and tools to be put in place. The fact that databases are heterogeneous and scattered over several systems is the first obstacle to optimal and easy processing of queries. An accurate and comprehensive inventory of all databases containing personal data is another concern, and fewer than one in two companies (47%) are very confident that they know where all customer data is stored.
Large companies know that GDPR compliance is not easy, with over 60% expressing concern about their ability to be compliant in time. However, 56% believe that non-compliance will have an undeniable and negative impact on their brand image, both with consumers and with external suppliers and providers.
The ability of a company to respond to customer or employee requests to exercise their rights in an appropriate manner is the most visible element of its non-compliance or compliance with the GDPR. It is high time to implement effective solutions to address this.
To help them follow this path, Fair&Smart offers organisations solutions for managing requests to exercise GDPR rights.