Do businesses still collect and store more data than they need?

Monday marks the two-year anniversary of the GDPR (General Data Protection Regulation). Strict regulations were introduced on May 25th 2008 on how organisations should handle customer data. Why then, even after two whole years of GDPR compliance, do organisations collect and store more customer data than they need?

A recent Netwrix survey found that 61 per cent of organisations that comply with GDPR still collect and store more customer data than necessary.

Is it simply a case of ineffective training that organisations are still not clear about the types and amount of data they should be collecting?

Questions still remain as to whether either has been achieved, with experts arguing the legislation, and the bodies responsible for enforcing it, are still finding their feet as they battle companies with a vested interest in slowing GDPR’s ultimate impact.

A report from Brave have the resources or technical expertise to enforce the bloc’s strict privacy rules or regulate the tech sector effectively. The tech firm that developed an internet browser with privacy protections to limit data tracking and advertising argues the GDPR is “in danger of failing” because EU governments have not given data regulators the tools—or money—they need to enforce the regulation properly in the two years since it was applied.

“If the GDPR is at risk of failing, the fault lies with national governments, not with the data protection authorities,” said Dr Johnny Ryan, Brave’s chief policy & industry relations officer, in a statement. “Robust, adversarial enforcement is essential. GDPR enforcers must be able to properly investigate ‘big tech’, and act without fear of vexatious appeals. But the national governments of European countries have not given them the resources to do so. The European Commission must intervene.”

Brussels introduced GDPR in to give people across the bloc more control over their personal data. The framework gives consumers in the region the power to demand to know how their data is being used and to have the “right to be forgotten” — in other words, the ability to have all data a company stores on them removed.

GDPR was designed to “harmonise” data privacy laws across all of its members countries as well as providing greater protection and rights to individuals. GDPR was also created to alter how businesses and other organisations can handle the information of those that interact with them. There is the potential for large fines and reputational damage for those found in breach of the rules.

The regulation has introduced big changes but builds on previous data protection principles. As a result, it has led to many people in the data protection world, including ICO  Information Commissioner Elizabeth Denham, to liken GDPR to an evolution, rather than a complete overhaul of rights. 


iCaaS software does all the hard work of achieving compliance and ultimately minimises the risk of data breaches. By securing your business, the iCaaS platform will save you time and money. More importantly it will secure your staff and help to build confidence and trust within your customer base. The solution is adaptable to any company’s needs.

iCaaS is the Trusted Standard in Data Protection and designed to make data protection easy.

Get in touch, speak to a specialist today. Call 0345 646 0066 and visit:




Scroll to Top