GDPR compliance 2018-2020

This exhaustive two year study into compliance with the GDPR transparency obligation (the duty of data controllers to document their processing activities explicitly so data subjects can exercise their rights) yielded some troubling surprises.

While some less than perfect performance was expected, an almost total non-compliance was identified, not only in the UK and Third Countries, but also in Europe, the very seat of the Regulation. Non-compliance was characterised by a small number of very consistent and obvious failures which typically prevented data subjects identifying specific personal data processing to which they might wish to take exception.

A key conclusion is that untrustworthy sources of guidance are being relied on, based on shallow literalist interpretations of specific Articles in isolation, taking into account neither the guidance provided by the Recitals nor recognition of the Regulation’s fundamental purpose.

Download the full report