Get started
New call-to-action
New call-to-action
New call-to-action
New call-to-action
New call-to-action
Menu
Get started
Blog header general

Legal professionals End of the Year Survey: responding to requests challenges readiness to privacy regulations

Jeffrey Wolff
Feb 18, 2020 12:01:00 AM

To get insight into the effect data privacy regulations have on the compliance activities of organizations, we conducted a short survey* at the end of 2019. In the previous blog, we have already talked about the high number of companies that - although they do collect data on EU citizens or do business in California - are still not compliant with the 20-months-old GDPR and the recently implemented CCPA. In this blog, I will dive a little deeper into the specific challenges that come with these privacy regulations.

Companies overall seem to struggle to remain compliant in an evolving regulatory landscape. Updating corporate policies to comply and improving security controls are named as challenges.

Interestingly, more than 12 percent of the respondents identify responding to requests as one of the biggest challenges to maintain a state of readiness to privacy regulations.

557_LegalProf survey_biggest challenges

Ready for subject access requests

In both privacy regulations, the “Right of Access” (GDPR) or “Right to Know” (CCPA) and the “Right to be forgotten” (GDPR) and “Right to Delete” (CCPA) are important rights and as a result, these requests have increased dramatically over the past year. Every organization is obliged to comply with these rights as well as possible and within the strict period of (usually) 30 days. In a previous blog, we have already discussed the steps that you can take to limit the impact of DSARs for your organization.

We also asked the respondents how they handle access requests. Almost half of the respondents seem to use a combination of manual and technology solution.

On average, technology-using respondents rate the performance of their current solution with 3.8 out of 5.

Twenty percent of the respondents have just manual processes in place. And an alarming 11% have no (clear) idea on how data privacy requests are being handled within their organization.

558_LegalProf survey_addressing priv requests

The benefits of technology

As a technology vendor, I only see one future-proof way to effectively handle access requests. Using advanced search technology is the only way to collect the necessary information completely and quickly. Technology is also needed to protect the privacy of people other than the requester. The requester is only entitled to see his or her own Personal Identifiable Information (PII). All personal data of others and possible confidential information must be redacted completely.

If you want to view all stats of our survey, you can follow this link to download the full info-graphic with all survey results. In the next blogs, I will discuss more details on how legal professionals deal with the challenges of privacy regulations.

* The outcome of this survey is provided for informational purposes only, and should not be construed as (legal) advice on any subject matter. ZyLAB expressly disclaims all liability in respect to actions taken or not taken based on any or all the outcomes of this survey.