The lure of compensation pay-outs and the chance to get their own back on companies who might have treated them badly: these are two of the reasons that will tempt UK consumers to use their new rights under the General Data Protection Regulation (GDPR), new research suggests.
Under the GDPR, a major shake-up of data privacy laws which comes into effect next May, data access requests must be turned around free of charge and within 30 days. Businesses will need to have adequate systems and processes in place to quickly locate individuals’ personal information and be ready to handle the extra administration involved.
The survey of 1,000 UK consumers suggests that around half (52 percent) would make a request if they suspected their personal information was being held without their consent; 39 percent would consider doing it just because they are curious to see what data companies are holding about them; and 26 percent would make a request if there was a chance of compensation - which is possible if the rules were not being followed or their privacy was being breached, for example. 17 percent would make a request in order to ‘get back’ at companies who had given them a negative experience.
In fact, only seven per cent of UK consumers would not be interested in seeing the personal information companies are holding about them, according to the survey carried out by UNICOM Global’s Macro 4 division in partnership with MaruUsurv, the online survey company.
GDPR requests will pose a challenge for organizations both because personal data now includes so many different types of information and because it is difficult to predict just how many requests to prepare for, explained Lynda Kershaw, Marketing Manager at Macro 4:
“Personal information can be anything that is identifiable to an individual: everything from contact details, date of birth and credit card numbers, to information within emails and social media conversations, letters, bills and policy documents. Much of this is unstructured information held in separate systems controlled by different business departments and cannot be pulled together at the snap of your fingers.
“And things get even more complicated if you’re an online or ecommerce business that tracks people’s online behavior - such as the web pages they visit and ads they click - for marketing purposes. Under the new rules, cookies, IP addresses and other online identifiers all count as personal data. You need to explain exactly how you are using this kind of information, and be able to respond to customer queries about it, too.”
62 percent of the survey sample said they want stricter rules surrounding data collected about people’s online behavior (sites they visit, ads they click and purchases they make). The GDPR takes account of this by classifying online identifiers such as computer IP addresses as personal information.
Surprisingly, with over six months to go before the GDPR takes effect, the research suggests that 66 per cent of consumers already have some awareness of the regulation. 43 percent say they want to see bigger fines for companies who are not following data protection rules.
While tough financial penalties are expected for failing to comply with the GDPR, experts believe companies should also be concerned about compensation litigation, which could mimic the activity that has grown around payment protection insurance (PPI) compensation pay-outs. This supposes that hundreds or thousands of individuals could be brought together by law firms to mount ‘no-win, no-fee’ class actions against organizations who have not adhered to the new data privacy regulation.
About the survey
Macro 4 partnered with online survey company MaruUsurv to run a survey of 1,000 UK adults in September 2017.