New survey highlights consumer views on imminent shake-up of data privacy regulations
Simple curiosity, the lure of compensation pay-outs, and the chance to get their own back on companies who might have treated them badly: these are some of the reasons that will tempt consumers to use new rights coming in under the General Data Protection Regulation (GDPR), allowing individuals to request access to all the personal information any organization is holding about them, new research suggests.
Under the GDPR, a major shake-up of data privacy laws which comes into effect next May, data access requests such as these must be turned around free of charge and within 30 days. Businesses will need to have adequate systems and processes in place to quickly locate individuals’ personal information and be ready to handle the extra administration involved.
The survey of 1,000 UK consumers suggests that around half (52 per cent) would make a request if they suspected their personal information was being held without their consent; 39 per cent would consider doing it just because they are curious to see what data companies are holding about them; and 26 per cent would make a request if there was a chance of compensation – which is possible if the rules were not being followed or their privacy was being breached, for example.
17 per cent would make a request in order to ‘get back’ at companies who had given them a negative experience.
In fact, only seven per cent of UK consumers would not be interested in seeing the personal information companies are holding about them, according to the survey carried out by UNICOM Global’s Macro 4 division in partnership with MaruUsurv, the online survey company.
GDPR requests will pose a challenge for organizations both because personal data now includes so many different types of information and because it is difficult to predict just how many requests to prepare for, explained Lynda Kershaw, Marketing Manager at Macro 4, which provides IT solutions to support GDPR compliance.
“Personal information can be anything that is identifiable to an individual: everything from contact details, date of birth and credit card numbers, to information within emails and social media conversations, letters, bills and policy documents. Much of this is unstructured information held in separate systems controlled by different business departments and cannot be pulled together at the snap of your fingers.
“And things get even more complicated if you’re an online or ecommerce business that tracks people’s online behaviour, such as the web pages they visit and ads they click – for marketing purposes. Under the new rules, cookies, IP addresses and other online identifiers all count as personal data. You need to explain exactly how you are using this kind of information, and be able to respond to customer queries about it, too.”
62 per cent of the survey sample said they want stricter rules surrounding data collected about people’s online behaviour (sites they visit, ads they click and purchases they make).
The GDPR takes account of this by classifying online identifiers such as computer IP addresses as personal information.
Surprisingly, with over six months to go before the GDPR takes effect, the research suggests that 66 per cent of consumers already have some awareness of the regulation. 43 per cent say they want to see bigger fines for companies who are not following data protection rules.
While tough financial penalties are expected for failing to comply with the GDPR, experts believe companies should also be concerned about compensation litigation, which could mimic the activity that has grown around Payment Protection Insurance (PPI) compensation pay-outs.
This supposes that hundreds or thousands of individuals could be brought together by law firms to mount ‘no-win, no-fee’ class actions against organizations who have not adhered to the new data privacy regulation.
Other findings of the Macro 4 research include:
- 42 per cent of consumers find it difficult to keep track of personal information they have consented to organizations collecting
- 41 per cent would be more likely to use a company that made it easier to understand what personal information they are holding and how it will be used
- 31 per cent want companies to provide discounts, special offers and other incentives in exchange for their personal information