With GDPR due to arrive on May 25 many companies in Britain are concerned about the potential fines if they suffer a data breach in future. But are they focusing on the wrong issue?
Just as important is the prospect of millions of people wanting to have their personal data edited to deleted when they are handed new rights over their data as part of the new regulation.
This new right is part of a so-called ‘right to be forgotten’ or ‘right to erasure’ if we use the exact wording of the regulation; and is already gaining traction with the public.
Now businesses should be bracing themselves for exactly what this means – and how much it will cost them.
A survey commissioned by Crown Records Management has revealed some important results when it comes to how many people could ask for their data to be removed or altered.
The results, after more than 2,000 people were polled by Censuswide across the country, revealed:
- A massive 71% said they would (either definitely or possibly) ask a company to edit or delete their data when the new regulation comes into force. In an adult UK population of 52.6 million this could result in an incredible 37.3 million requests.
- Only 8% gave a straight ‘no’ when asked if they would want data edited or deleted.
- 34% of 25-34 year-olds said they would definitely ask for their data to be edited or deleted.
- More than half of directors said they would definitely ask for their personal data to be changed or removed.
- A massive 57% of those working in the legal profession said they would definitely want data edited or deleted – with another 29 % saying they would ‘possibly’ do so.
These results really are astonishing. We were all aware that the public is increasingly interested in how their personal data is used and increasingly aware of its value and the dangers of its misuse.
But for so many people to indicate they will ask for data to be edited or deleted will come as a shock to many businesses.
Even if only the 25% who answered ‘definitely’ follow through with that intention then we could be looking at more than 16 million requests – which is an eye-watering figure.
The likelihood is that the number of requests will, more than likely, be much less– what people say they will do and what they actually action is often different. But the results show that the data climate is changing and should nevertheless be a warning to businesses of what lies ahead.
Companies should already know what data they have, where it is, how it can be accessed and how it can be edited. But the GDPR regulations will make this mandatory. A full data audit now before the regulation comes in is the very minimum required to start the preparation process.
There are also significant budget implications to consider if they are going to cope with the volume of requests which come their way. You have only to look at the impact that Freedom of Information Requests have had on some businesses and public bodies to know that this may require an entire new department to help deal with the issue.