Businesses to receive unprecedented data requests following GDPR rollout

UK businesses still struggling to process data access requests

Culture & Education / UK businesses to receive unprecedented data requests following GDPR rollout

UK businesses to receive unprecedented data requests following GDPR rollout

The upcoming General Data protection Regulation (GDPR) will seek to ensure that no company in Europe will be able to store or process customer data without obtaining prior and informed consent from customers, and many people across Europe are looking forward to exercise their rights and check how their data is used and stored by businesses.

A survey of 3,000 adults across Europe carried out by 3GEM and commissioned by Veritas Technologies has revealed that many of them are planning to exercise their rights and regain control over their personal data within six months after the GDPR will come into force.

As many as two in five of those surveyed said that they are planning to contact businesses to verify how the latter store and process their personal data. Once GDPR is implemented across the European Union, people will have the right to either authorise companies to store and process their data, forbid them from storing their data or exercise their right to be forgotten.

“In light of recent events surrounding the use of personal data by social media, and other, companies, consumers are taking much more of an interest in how their data is used and stored by businesses across many industry sectors,” said Mike Palmer, executive vice president and chief product officer, Veritas.

“With a flood of personal data requests coming their way in the months ahead, businesses must retain the trust of consumers by demonstrating they have comprehensive data governance strategies in place to achieve regulatory compliance.”

Onus on businesses

The upcoming GDPR will require all businesses to respond to customer requests within one month of receiving the request and failure to do so could result in huge fines. This rule will apply equally to both data controllers and data processors.

Under the new legislation, enterprises will also need to identify all personal data, check how they are stored and for what purpose they are used. While each separate data collection activity by an enterprise will require clear affirmative consent from involved parties, they will be required to obtain explicit parental consent for any data collected about minors.

The survey revealed that of those who plan to gain understanding of how much of their personal information is stored by companies and for what purposes they are processed, 56% will contact financial organisations such as banks and insurance firms, 48% will contact social media companies, 46% will contact retailers, 24% will contact former or current employers and 21% will contact healthcare providers.

As many of 65% of them plan to request access to the personal data a company holds on them and 71% ntend to exercise their right to be forgotten under the new regulations, the survey revealed. This is mainly because 56% of people do not feel comfortable having personal data sit on systems that they have no control over.

"Most consumers do not expect organisations to be capable of fulfilling their requests under the new regulation. The majority (79 per cent) believe that organisations won’t be able to find and/or delete all of the personal data that is held on them, and a fifth (20 per cent) believe that businesses will only be able to deliver up to 50 per cent of the personal data they hold," said Veritas Technologies.

Businesses still unprepared for GDPR

This belief among consumers isn't really off the mark. In January, the UK government's Cyber Security Breaches Survey revealed that 62 percent of businesses and 56 percent of charities in the UK were unaware about GDPR and that just over a quarter of businesses and charities had actually taken steps to prepare themselves for the upcoming legislation.

A further break-up of the survey's findings revealed that while 80 percent of large businesses that employed more that 250 people had heard about GDPR, only 31 percent of micro businesses and 49 percent of small businesses that hired fewer than 50 people had heard about the legislation.

In January, the Federation of Small Businesses (FSB) said that only 8 percent of small businesses that accounted for a majority of 5.7 million private sector businesses across the UK, were truly prepared for GDPR while the rest were either not preparing at all, were in early states of preparation, or were actively preparing for the landmark data protection legislation.

Veritas' findings about the lack of trust that people have on businesses is also similar to the findings of a survey carried out by RSA on 7,500 adult consumers across the UK, the US, France, Germany in February.

According to the RSA survey, 55 percent of consumers avoid handing personal data to a company they know to have been selling or misusing data without consent, and over 41 percent of them deliberately falsify data they supply to companies so as to protect themselves in the event of a data breach or companies misusing or selling their information.

As many as 78 percent, or four out of every five consumers, also said that their buying decisions are influenced by how certain companies handle consumer data. What this means is that if a firm suffers a massive data breach, it will lose the trust of a large number of consumers who would not be comfortable with dealing with the firm anymore, thereby destroying the firm's business prospects.

The following two tabs change content below.

Jay Jay

Jay has been a technology reporter for almost a decade. When not writing about cybersecurity, he writes about mobile technology for the likes of Indian Express, TechRadar India and Android Headlines


Get the latest cyber news in your inbox

Join our community of cyber professionals today!