GDPR compliance 2018-2020

We've completed our two year study into compliance with the GDPR transparency obligation (the duty of data controllers to document their processing activities explicitly so data subjects can exercise their rights).

While we expected to find some less than perfect performance, we were surprised to find almost total non-compliance, not only in the UK and Third Countries, but also in Europe, the very seat of the Regulation. Non-compliance was characterised by a small number of very consistent and obvious failures which typically prevented data subjects identifying specific personal data processing to which they might wish to take exception.

Our key conclusion is that untrustworthy sources of guidance are being relied on, based on shallow literalist interpretations of specific Articles in isolation, taking into account neither the guidance provided by the Recitals nor recognition of the Regulation’s fundamental purpose.

Download the full report

Mike Barwise
Director, BiR