Recently, Smarsh Principle of Information Governance Practice Shaun Hurst published an opinion piece in British newspaper The Times. The article examines the impact that GDPR is having on EU businesses and highlights the fact that many companies have been unable to keep up with the deluge of data requests they have received since the regulation came into force on May 25th, 2018.

Under GDPR, all EU citizens have been granted unprecedented rights to access any of their personal information stored by businesses across the world. Shaun writes that companies are struggling to get to grips with these new requirements while pressure is also being applied by activists and the media.

For many, the intention is to use GDPR as a weapon to draw attention to this issue of data security and data misuse. Privacy International, for example, has launched a number of complaints and data requests against the much-scrutinised data brokers and digital advertisers that gained notoriety after the Cambridge Analytica saga. There are also apps that have been created to make it as easy as possible for customers to send out data requests.

Unfortunately, the situation is unlikely to improve. British media has been quick to highlight companies that have failed to report sensitive data breaches to their customers within 72 hours, which is now illegal under GDPR. This has further stocked public dissatisfaction with EU companies’ maltreatment of personal data. Because of this, Shaun expects more EU citizens to feel emboldened to inundate companies with data requests.

While the volume of data requests is a key concern for businesses, Shaun writes that the issue at hand is the ineffective and outdated way in which companies store data. As more and more elements of modern business have become digitized – from payment to logistics to customer support – companies are now sitting on massive amounts of personal information which is all being stored on systems that were created before these advanced technologies existed.

Businesses are struggling to track down the data they hold on their customers within the time limit. In many instances it is the siloed nature of the data storage that is proving so vexing. For example, data pools can be held across multiple servers, in different formats that are not properly classified. Finding the information required is often like searching for a needle in the proverbial haystack. At the root of this imbroglio is the fact that almost all large companies store their data using legacy-archive solutions that are run on technology often created more than a decade ago.

The UK’s Information Commissioner’s Office remains ambiguous on how a GDPR data request might become litigation. However, Hurst cautions, if organizations are unwilling to take more proactive steps toward improving their data archiving solutions so that they are able to adequately process and store massive amounts of data, GDPR fines will be on the way sooner rather than later.

To read the article in its entirety, please visit The Times. There’s a paywall in place, but registration is free of charge. And if you would like more information on GDPR compliance, we can help. We recommend you read  A Practical Guide to GDPR Compliance, and visit the Actiance GDPR micro-site.