Thales eSecurity – the specialist in critical information systems, cyber security and data security – has just announced the results of its research on the EU’s General Data Protection Regulation (GDPR). Based on a study conducted by Censuswide and sponsored by Thales eSecurity, the report captures the perceptions of consumers and businesses on the preparedness levels of organisations in Europe and the United States for the May 2018 GDPR compliance deadline, as well as the potential business impact.
Half of UK consumers don’t believe commercial organisations care about their privacy, and many are prepared to take legal action against businesses that don’t comply with the GDPR. At the same time, businesses are concerned that the new data privacy regulations will have a negative impact on their operations and international relations.
Intended to improve personal data protection and increase accountability for data breaches, the GDPR is perhaps the most comprehensive data privacy standard to date. It presents a significant challenge for organisations that process the personal data of EU citizens, regardless of where those organisations are headquartered.
50% of UK consumers surveyed claim not to trust anyone with protecting their personal information. Perhaps as a result of recent high-profile breaches, only one-in-five (20%) of UK consumers trust financial institutions with their information, while just 23% said they trusted healthcare providers.
Retailers are only trusted by 6% of consumers in the UK, and perhaps with good reason. Thales eSecurity’s 2017 Data Threat Report reveals that two-in-five retailers globally have experienced a data breach in the past year, and that a third had suffered more than one.
More worryingly, perhaps, 70% of UK consumers believe their information has been made available for sale online by cyber criminals.
However, with the EU GDPR’s implementation now just six months away, three quarters of UK consumers (76%) feel that increased regulation will improve the privacy of their online data.
Taking back control
Aware of the GDPR, and what it means for the privacy of their information, consumers appear to be willing to take a stand against those organisations that fail to comply with the regulation, with three-in-five (58%) of UK respondents claiming they would at least consider legal action as an option.
More than three-quarters (79%) of respondents said they would consider taking their business to another company if the one they were dealing with didn’t comply with the GDPR, while 69% suggested they might report a non-compliant organisation to the relevant industry watchdog. Three quarters of UK consumers (77%) suggested a failure to comply with the GDPR would negatively impact their perception of an organisation.
The Thales eSecurity survey has revealed a number of reasons why organisations may have more to fear from the GDPR than just consumer action and financial penalties:
* 63% of UK-based organisations believe that implementing measures to become GDPR-compliant will increase the level of complexity and red tape within their business
* Almost half (49%) are concerned that the GDPR will hinder their organisation’s innovation to some degree
* One-in-five (21%) expect the GDPR to have a negative impact on relationships with their international partners
* Interestingly, while around one-in-five UK businesses (22%) believe the GDPR will lead to fewer data breaches, almost a third (32%) are concerned that its implementation will actually result in an increased number of breaches
Despite these concerns, more than a third of UK organisations (37%) remain optimistic that the GDPR will have no effect on their business operations whatsoever.
Jim DeLorenzo, solutions manager for the GDPR at Thales eSecurity, observed: “As a result of recent and ongoing data breaches, digital privacy remains front of mind for consumers. With the deadline for enforcement of the GDPR fast approaching, law firms and compensation companies will begin to focus their efforts on fighting for consumer rights. Organisations could find themselves facing multiple legal challenges in addition to the hefty fines levied by the GDPR, some of which will undoubtedly achieve national media attention. The GDPR is a change of legislation that well and truly places the onus on organisations to put their houses in order. The clock is ticking.”
**Thales eSecurity commissioned the survey among 2,000 consumers in the UK and Germany (1,000 in each region) and 1,500 C-Level executives in the UK, the US and Germany (500 in each region). The research was conducted online by polling company Censuswide, an international research organisation, in August 2017.