A survey of 1,000 UK consumers suggests that around half (52 per cent) would make a request if they suspected their personal information was being held without their consent.
According to the data from Macro 4 and MaruUsurv, 39 per cent would consider doing it just because they are curious to see what data companies are holding about them; and 26 per cent would make a request if there was a chance of compensation – which is possible if the rules were not being followed or their privacy was being breached, for example.
17 per cent would make a request in order to ‘get back’ at companies who had given them a negative experience.
In fact, only seven per cent of UK consumers would not be interested in seeing the personal information companies are holding about them, according to the survey.
As such, the research indicates GDPR requests will pose a challenge for organizations, both because personal data now includes so many different types of information and because it is difficult to predict just how many requests to prepare for.
Lynda Kershaw, Marketing Manager at Macro 4, said: “Personal information can be anything that is identifiable to an individual: everything from contact details, date of birth and credit card numbers, to information within emails and social media conversations, letters, bills and policy documents. Much of this is unstructured information held in separate systems controlled by different business departments and cannot be pulled together at the snap of your fingers.
“And things get even more complicated if you’re an online or ecommerce business that tracks people’s online behavior – such as the web pages they visit and ads they click – for marketing purposes. Under the new rules, cookies, IP addresses and other online identifiers all count as personal data. You need to explain exactly how you are using this kind of information, and be able to respond to customer queries about it, too.”
62 per cent of the survey sample said they want stricter rules surrounding data collected about people’s online behavior (sites they visit, ads they click and purchases they make). The GDPR takes account of this by classifying online identifiers such as computer IP addresses as personal information.
Surprisingly, with over six months to go before the GDPR takes effect, the research suggests that 66 per cent of consumers already have some awareness of the regulation. 43 per cent say they want to see bigger fines for companies who are not following data protection rules.
While tough financial penalties are expected for failing to comply with the GDPR, experts believe companies should also be concerned about compensation litigation, which could mimic the activity that has grown around Payment Protection Insurance (PPI) compensation pay-outs.
This supposes that hundreds or thousands of individuals could be brought together by law firms to mount ‘no-win, no-fee’ class actions against organizations who have not adhered to the new data privacy regulation.
Other findings of the Macro 4 research include:
- 42% of consumers find it difficult to keep track of personal information they have consented to organizations collecting
- 41% would be more likely to use a company that made it easier to understand what personal information they are holding and how it will be used
- 31% want companies to provide discounts, special offers and other incentives in exchange for their personal information
For more background on the survey results download Macro 4’s accompanying report ‘The GDPR: what consumers think’ at: http://www.macro4.com/the-gdpr-what-consumers-think.