Businesses face far more than just fines for non-compliance with the EU’s General Data Protection Regulation, a survey has revealed.
Half of UK consumers polled said they do not trust companies with their personal data, and many are willing to take legal action against those who do not comply with the GDPR, according to a study commissioned by security firm Thales.
Only one in five (20%) of UK consumers claimed to trust financial institutions with their information; 23% said they trusted healthcare providers, but retailers are trusted by just 6%.
Thales eSecurity’s 2017 Data Threat Report revealed that two in five retailers globally have experienced a data breach in the past year, and a third had suffered more than one.
More worryingly, 70% of UK consumers believe their information has been made available for sale online by cyber criminals.
However, with the EU GDPR’s implementation just over six months away, three-quarters of UK consumers (76%) believe increased regulation will improve the privacy of their online data.
The research revealed more than a third (37%) of UK consumers had heard of the GDPR and almost two-thirds (57%) of these could explain it to some degree.
Privacy of consumer information
The study report said that consumers, aware of the GDPR and what it means for the privacy of their information, appear to be willing to take a stand against those organisations that fail to comply, with 58% of UK respondents claiming they would consider legal action.
More than three-quarters (79%) of respondents said they would consider taking their business to another company if the one they were dealing with did not comply with the regulation, while 69% suggested they might report a non-compliant organisation to the relevant industry watchdog.
More than three-quarters of UK consumers (77%) suggested a failure to comply with the GDPR would negatively impact their perception of an organisation.
Intended to improve personal data protection and increase accountability for data breaches, the GDPR presents a significant challenge for organisations that process the personal data of EU citizens, regardless of where the organisation is headquartered.
The survey reveals businesses are concerned the new data privacy regulations will have a negative impact on their operations and international relations, and that there are a number of reasons why organisations may have more to fear from the GDPR than just consumer action and fines.
Some 63% of UK-based organisations believe implementing measures to become GDPR-compliant will increase the level of complexity and bureaucracy in their business.
Almost half (49%) are concerned the GDPR will hinder their organisation’s innovation to some degree, and one in five (21%) expect GDPR to have a negative impact on relationships with their international partners.
While 22% of UK businesses believe the GDPR will lead to fewer data breaches, almost a third (32%) are concerned its implementation will actually result in an increased number of breaches.
GDPR’s effect on business operations
Despite these concerns, more than a third of UK organisations (37%) remain optimistic that the GDPR will have no effect on their business operations.
“As a result of recent and ongoing data breaches, digital privacy remains top of mind for consumers,” said Jim DeLorenzo, solutions manager for GDPR at Thales eSecurity.
“With the deadline for compliance with the GDPR fast approaching, law firms and compensation companies will begin to focus their efforts on fighting for consumer rights, and organisations could find themselves facing multiple legal challenges in addition to the hefty fines provided by the regulation.
“The GDPR is a change of legislation that well and truly puts the onus on organisations to get their houses in order, and the clock is ticking,” he said.
DeLorenzo said that to help businesses make sure they are ready for GDPR, Thales eSecurity has compiled some guidelines and resources.