GDPR Data Requests Prove Challenging
It’s been a few months since the General Data Protection Regulation (GDPR) was foisted onto businesses and, as expected, it has caused quite a stir. Businesses have been inundated with data requests from customers and many are struggling to keep up. It’s only a matter of time before the Information Commissioners Office (ICO) starts issuing fines for non-compliance.
Data officers in businesses across the world have reported a huge volume of requests; Facebook and Netflix are a couple of big names that have voiced concerns.
The challenge for businesses has been further exacerbated by activist organisations like Privacy International, whose mission is to defend and promote the right to privacy. A large number of data requests have been raised from activists and this is further increasing the burden on businesses.
With not only fines but also potential litigation on the horizon, businesses need to work on streamlining their policies so they can demonstrate compliance. In particular, the one-month deadline for processing data requests is being missed and the ICO won’t wait much longer before sanctions begin.
The Challenge
Although many businesses have taken GDPR seriously, some will err on the side of the least action possible. A key reason for the problems being faced – and causing a reluctance to act – is the intrinsic difficulty of tracking data.
The systems that many businesses use to store data are over ten years old and were not built to satisfy the demands of GDPR. This, coupled with the vast amount of data now being processed, leaves businesses facing an uphill challenge to quickly and efficiently find relevant data; with the volume of requests businesses are facing, there is a real possibility they may need to change their infrastructure.
A lot of businesses hold data in different places. This could mean that it’s hard to get a comprehensive view on all data the business holds. With many databases out of date or formatted in a way that’s not easily searchable, responding to data requests can be incredibly time-consuming.
Another layer of complexity is data stored across multiple channels, with social media, messaging systems and video to name a few, which makes consolidating information more challenging.
The development of new technology over the past ten years has been incredibly rapid – businesses now digitise a wide range of their services from payments to engagement. Pulling in this data from potentially different systems is something that wasn’t considered when these systems were built.
Sharing Information
The need to disclose who you share data with is another challenge. For example, businesses that take direct debits or credit card payments are sharing data with banks – this needs to be disclosed. Similarly, businesses that use invoice discounting need to disclose this information.
The need to disclose where information is shared adds another layer of complexity. Businesses who have poor control over the data they store might struggle to demonstrate who they share that information with.
What You Can Do
What constituted compliant marketing activity received a lot of press when GDPR was implemented, but the big problem at the heart of the matter is that businesses are struggling to get a good handle on information they hold.
Businesses are limping along on legacy systems not designed for the complexity and volume of data they hold, and they certainly weren’t built to service the deluge of data requests caused by GDPR.
Most businesses need to build internal systems which provide a clear audit trail on the data they hold.
At Red Flag Alert our obsession is reliable and up-to-date business data, and it’s becoming increasingly clear that our software is the perfect solution for businesses looking to manage their data effectively.
We hold up-to-date information on every business in the UK – that’s 100,000 data changes every day. Our Red Flag Alert API allows you to integrate this data directly into your database – you will be able to demonstrate that your data is up to date. Data requests will be simplified because you will be able to quickly search for the data you hold on any business.
By having a database which is updated every day, you know your data is clean – this is the foundation from which you can ensure that GDPR is met. Without this confidence it’s virtually impossible to build robust GDPR processes.
Click here to start a free trial and let Red Flag Alert supercharge your compliance today!