The GDPR three years on: what are the common issues facing organizations today?

May 28, 2021

GDPR third anniversary image

On 25th May the GDPR celebrated its third anniversary. Since coming into force in 2018, its influence has quietly started to take effect. The number of fines issued across Europe stands at over 282 million euros, with the last 12 months producing more fines than the previous two years combined.

While this is good news for individuals, who know that protection of their personal information is being taken seriously, it has highlighted the issues faced by many organizations, who find that complying with the GDPR is challenging, time consuming and expensive. At the same time, more customers than ever are exercising their rights to access their personal data – placing an extra burden on overstretched employees, who may struggle to respond in time.

At Macro 4 we work with organizations in both the private and public sector to find solutions to their GDPR compliance problems. One common issue is processing requests from individuals to view their personal data – known as data subject access requests. This is a real challenge for many organizations because they still rely on manual methods, meaning they struggle to meet the one month deadline to turn the requests around.

Manual processes can also lead to errors such as inadvertently exposing personal information about other people when responding to a request. This is more common than you might think. For example, if a bank is sending personal information relating to a joint mortgage application, they need to make sure the documents only include the details relating to the individual who has put in the request. The other person’s data has to be redacted, but without automated checks in place it is easily overlooked.

Another GDPR requirement is to delete personal information once a company no longer has a legitimate reason to hold it – such as a person unsubscribing or no longer being a customer. This is something else that is difficult to achieve without having reliable information management processes and tools in place.

In most cases personal information is spread around organisations in a wide range of formats – including documents, voice recordings, chat logs, texts and emails, as well as application data. This is all stored in diverse locations controlled by separate business departments, so identifying and collating every piece of information about an individual can be a challenge. You can’t afford to do things manually, especially if you have thousands or millions of customers.

While compliance can be challenging it is also an opportunity to establish a competitive advantage. Customers are increasingly savvy about data protection and will be more willing to do business with organizations that have robust systems and processes in place to safeguard their personal data. At Macro 4 we have been working with organizations to:

  • Adopt consistent processes for identifying and classifying personal information and recording where it is located so it is easier to access
  • Retrospectively classify huge amounts of historical information, using AI to speed up the process of recognizing and categorizing personal data
  • Adapt their information management systems to handle customer data in a GDPR-compliant way, including redaction and deletion, and fulfilment of subject access requests

Find out more about how we can help you meet your organization’s GDPR responsibilities.

Category: Compliance
  • Blog home
  • Register to receive notifications of future blog posts