Today, putting the letters ‘GDPR’ into Google will generate over 420,000 news articles, some detailing the expected impact of the regulation, and others casting doubt on businesses and their readiness.
Ahead of the May 2018 legislation, we’ve been asking organisations if they’re #FITforGDPR – whether they’re ready to improve their personal data protections, as well as take on the increased accountability for data breaches, should they occur. As expected, responses have been mixed.
Now, with less than 190 days to go, we’ve dug a bit deeper, surveying both consumers and C-Level executives across the UK, U.S, and Germany to get to grips with what they know about GDPR, and more importantly, what they don’t.
A lack of trust
It shouldn’t come as a surprise to anyone that when GDPR is in full force, consumers will hold the power. They’ll not only be able to ask what data an organisation holds on them, where it’s stored, and who it’s being shared with, but will have the right to ask businesses to remove them from their systems altogether.
Alarm bells not ringing yet? They should be, as our survey reveals that half of consumers believe commercial organisations don’t care about their privacy, and claim to not trust anyone with protecting their personal information. Although disappointing, it’s hardly surprisingly considering the amount of high-profile data breaches that have been hitting businesses over the last year or so, with consumer data often being the target.
Despite the NHS falling victim to the devastating WannaCry ransomware outbreak in May, healthcare providers still fared better than other industries, with only six per cent of UK consumers revealing they trusted retailers. Our own Data Threat Report released earlier this year found that two in five retailers across the globe experienced a data breach in the last year.
Interestingly, organisations you would typically associate with trust, such as financial services, were also negatively perceived by consumers, with only one in five respondents claiming to trust them.
A role of responsibility
With the topic of GDPR growing bigger, and people becoming more aware, organisations have a duty of care to reassure consumers their data is in safe hands. Not only should GDPR be seen as a legislation, but, more importantly, as an opportunity for forward-thinking businesses to promote themselves as trustworthy.
Despite the serious implications to their company, including detrimental fines of up to €20 million, around two-thirds of UK-based organisations believe that implementing measures to become GDPR compliant will increase the level of complexity and red tape within their business.
Organisations are now up against a consumer pool that cares where and how their data is being used. Yes, with GDPR comes additional administrative considerations, including the organisation of data silos, but with it also comes a chance to gain a competitive edge.
The implementation of GDPR comes for the right reasons. The short-term pain that companies are facing in order to comply is a push in the right direction towards understanding why it is necessary and raising awareness of the positives that come with it.
For organisations taking a ‘wait and see’ attitude, there are more than just eye-watering fines at risk, with the ‘silent’ approach only set to make consumers worry more about the safe-keeping of their information. Organisations that have put more time and effort into preparing for May 2018 stand a much better chance of success than their competitors. In a time when all businesses are viciously, competing on both product and price, customer trust and loyalty is make or break.
If you want to find out if your business is ready for GDPR, or to find out how we can help along the way, take a look at our GDPR landing page and read our latest survey in full.