tashka2000 - Fotolia

Consumers do not trust companies with personal data, survey shows

UK firms still have much work to do in preparing for GDPR compliance, minimising the risk of identity theft and regaining trust, according to law firm Winckworth Sherwood

More than a quarter of UK consumers are most concerned about their identity being stolen through data held by employers, retailers or on social media, a survey has revealed.

Almost a fifth are concerned about their personal data being sold on to other companies, while 12% are concerned their data might get stolen from the companies that hold it, according to a YouGov survey or more than 1,600 UK consumers.

As people’s lives shift online, data protection is being moved to the top of the agenda for businesses in preparation for compliance with the European Union’s (EU’s) General Data Protection Regulation (GDPR) by 25 May 2018.

The survey also revealed a difference between younger and older respondents in their attitude towards personal data security.

While 30% of respondents aged 50 and over are more concerned about the risk of their identity being stolen, 29% of 18-24 year olds said they were more concerned about not knowing what companies will do with their personal data.

“Statistics such as these show that companies are far from gaining the trust of consumers in protecting their personal data,” said Andrew Yule, partner at law firm Winckworth Sherwood, which commissioned the YouGov survey.

“Much work is still to be done in preparing for GDPR compliance, minimising the risk of identity theft and regaining that trust,” he said.

Commenting on the generational gap over data concerns, Yule said it is most likely a reflection of greater financial responsibility and the type of information stored online.

“As people get older, there is an increase of data relating to mortgages, loans, credit cards and savings, which provides a fuller identity profile,” he said.

Read more about GDPR

Businesses have a greater responsibility than ever, said Yule, to ensure compliance with the GDPR by 25 May 2018.

“Even with Brexit top of the political agenda, it is unlikely that GDPR will be affected since all of the regulations are expected to be incorporated into UK law,” he said.

The GDPR requires businesses to get consumers’ consent to use data explicitly and transparently, while children’s data is subject to new rules and an added layer of protection.

Businesses will also be required to make it easy for individuals to exercise the right of subject access to their data, the right to object to direct marketing and profiling, and to move their data from one supplier to another.

Winckworth Sherwood outlines five guidelines for companies preparing for GDPR compliance:

  1. Start preparing now – a basic audit will help show where updates and new policies/systems are needed.
  2. Identify all sources of personal data and understand where it came from, why it is held and what is done with it.
  3. Check if a data protection officer needs to be appointed. If not, find a senior lead to manage the transition across all areas of your organisation.
  4. Start to develop an incident response plan and the capacity to conduct privacy impact assessments (PIA).
  5. Ensure processes and procedures are documented and demonstrate compliance.

Read more on Privacy and data protection