Four years after the introduction of GDPR, many companies still have a lot of work to do. Every company has a privacy page, which is a legal obligation. But once you actually make a request under your right of access, it goes wrong far too often. This leads us to the conclusion that too many companies have cosmetic solutions that seem to follow the law on the surface, but have not actually put any data architecture or process in place to deal with requests consistently and correctly.
We wonder whether these companies get such requests often. The faulty procedures suggest that requests are quite rare, since the companies appear unorganized and unprepared.
It’s very surprising that so many companies, even big ones and digital ones, don’t succeed in following the legal procedure. The fines for not complying with GDPR can go up to 20 million euros or 4% of the turnover.
The data subjects’ rights (Articles 12-22) — Individuals have a right to know what data an organization is collecting and what they are doing with it. They also have a right to obtain a copy of the data collected, to have this data corrected, and in certain cases, the right to have this data be erased. People also have a right to transfer their data to another organization. (Source: https://gdpr.eu/fines/)
Moreover, the risks from privacy activists or security breaches are much higher if no system is in place to safely process and protect customer data. This is not only a security concern; it is also a matter of respecting your customers. As such, we consider privacy protection an essential part of the customer experience.