Following the implementation of GDPR, it seems commercial organisations in the UK will no longer be able to take customer data for granted, for a survey has revealed that a significant number of Britons will exercise their ‘right to be forgotten’ under the new law.
Even though three in four Britons do not have a clear understanding of GDPR, a majority of them still believe that the 'right to be forgotten' clause in the upcoming legislation will be more effective in ensuring and protecting their privacy.
In May this year, the government will put into motion a landmark data protection law which it says will 'give people more control over their data, require more consent for its use, and prepare Britain for Brexit'. The law, which borrows heavily from the European General Data Protection Regulation, will bring in new rules to help the government regulate how organisations will handle customer data, how they will obtain clear and explicit consent from consumers, and how they will report data breaches to consumers and authorities.
Among some of the most path-breaking rules that the upcoming legislation will include is one that will enable citizens to have their personal data amended or deleted by companies that hold such data. Consent will not be permanent and citizens will be able to withdraw their consent anytime they wish to do so.
At the same time, companies will be required to obtain explicit consent from people before collecting their personal data or storing them for any purpose. Aside from personal information like names, addresses, email addresses, phone numbers and government ID numbers, such data will also include IP addresses, DNA, and cookies.
If any company fails to comply with the new law, resulting in a breach that compromises customer data, the Information Commissioner's Office will have the power to issue fines of up to £17m, or 4% of the company's global turnover.
A new survey of 1,000 people by media agency the7stars suggests that the 'right to be forgotten' clause in the upcoming data protection law is already a big hit among Britons. It revealed that as many as 34 percent of Brits will exercise their ‘right to be forgotten’ once the new law takes effect.
According to the survey's findings, even though only 27 percent of Britons have a clear understanding of what GDPR will entail and how it will impact them, 58 percent of them still believe that the upcoming legislation will be more effective in ensuring and protecting their privacy. 32 percent of those surveyed also said that they would trust brands with their data after GDPR comes into force.
“Given the importance of data to business operations, the fact that over a third of people are looking to exercise their right to be forgotten represents a real threat that cannot be ignored. However, there is still time for the government and brands to come together to tackle consumer concerns around data protection and privacy head on,” said Frances Revel, associate director of insight at the7stars.
Even though GDPR, or the UK's version of it, will clearly boost consumer confidence around the security of their data, it remains to be seen if organisations, including the public sector, will be able to change their data-handling protocols in time to abide by the 'right to be forgotten' clause.
Last year, research from M-Files revealed that local authorities were unlikely to be relying on an individual’s consent as a reason to process data, instead they planned on using the 'exercise of official authority' to store and process customer data. The research also revealed that 69 per cent of local authorities were not able to effectively remove personal data from their systems.
“The right-to-be-forgotten is arguably one of the most challenging aspects of GDPR... This is particularly true for the public sector, where this data is commonly trapped within information siloes and duplicated across different systems and repositories," noted Julian Cook, Vice President of UK Business at M-Files.
“The net result is that public sector organisations often don’t have a full picture of the data on their systems, so completely erasing personal data becomes infinitely more challenging," he added.