As more of our lives shift online, data protection is being moved to the top of the agenda for businesses in preparation for the General Data Protection Regulation (GDPR) due to come into effect on 25th May 2018. Andrew Yule, partner at law firm Winckworth Sherwood, which commissioned the YouGov survey*, said: “Statistics like these show that companies are far from gaining the trust of consumers in protecting their personal data. Much work is still to be done in preparing for GDPR compliance, minimising the risk of identity theft and regaining that trust”.
More than a quarter of those surveyed from across Britain agree with the older generation - 26% are most concerned about their identity being stolen once personal data is held online by employers, retailers, or on social media. Other worrying factors for consumers include their personal data being sold on to other companies (19%) and that their data might get stolen (12%).
Andrew added: “The generational gap over data concerns is most likely a reflection of greater financial responsibility and the type of information stored online as people get older such as mortgages, loans, credit cards and savings, which all increase by age and provide a full identity profile.
“Businesses have a greater responsibility than ever before to ensure that compliance with GDPR is fully in place by spring next year. Even with Brexit top of the political agenda, it is unlikely that GDPR will be affected since all of the regulations are expected to be incorporated into UK law.”
Top five priorities for companies preparing for GDPR
• Start preparing now - a basic audit will help show where updates and new policies / systems are needed
• Identify all your sources of personal data and understand where it came from, why you hold it and what you do with it
• Check if you must appoint a Data Protection Officer – even you don’t, find a senior lead to manage the transition across all areas of your organisation
• Start to develop and incident response plan and the capacity to conduct Privacy Impact Assessments
• Ensure your processes and procedures are documented and demonstrate compliance
What will GDPR ensure for consumers?
• Businesses must explicitly and transparently get consumer’s consent to use data – tricky tick boxes will not be sufficient
• It will be easier for individuals to exercise the right of subject access
• It should be easier for consumers to exercise the right to object to direct marketing and profiling
• Individuals will sometimes have the right to require organisations to move their data for example to a bank or email provider
• Children’s data will be subject to new rules and an added layer of protection