Wave of personal information requests predicted after GDPR

New research suggests that a wave of personal information requests are to hit firms, and the insurance industry in particular, in the six months following the GDPR deadline.

The study, commissioned by cloud data management company Veritas, suggests that 65% of UK consumers are planning to make the requests to insurance companies, the most targeted out of all industries.

EU consumers already have the right to know what data is being held, such as age, sex and religious beliefs etc. But when GDPR comes into effect on 25 May 2018, consumers will hold more power and will be able to exercise their ‘right to be forgotten’ and have their personal information deleted from the company database. According to the study, 71% of UK consumers are planning to exercise this right.

When making this request, the company has one month to respond.

“In light of recent events surrounding the use of personal data by social media and other companies, consumers are taking much more of an interest in how their data is used and stored by businesses across many industry sectors,” said Mike Palmer, chief product officer at Veritas.

“With a flood of personal data requests coming their way in the months ahead, businesses must retain the trust of consumers by demonstrating they have comprehensive data governance strategies in place to achieve regulatory compliance.”

Lack of trust

The study shows the driving force behind the consumers’ desire to make requests, with the majority wanting increased control of their personal data, but some want to make the requests just because they feel mistreated by the company and want to punish them.

The key drivers for exercising their data privacy rights are:

• Increased control over personal data: 56% of respondents don’t feel comfortable having personal data sit on systems that they have no control over.
• A clearer understanding of what data companies hold on them: 56% want to understand exactly what personal information companies hold on them.
• Data breaches increase the likelihood of receiving requests for personal data: 47% of respondents will exercise their rights to request personal data and/or have that data deleted if a company that holds their personal information suffers a data breach.
• Businesses are not trusted to protect personal data: 37% intend to exercise their data privacy rights because they do not trust companies to effectively protect their personal data.
• Consumers want to put companies to the test: over a quarter 27% want to test businesses to understand how much their consumer rights are valued before deciding whether to continue doing business with them.
• Consumers want to get revenge: 8% will exercise their data privacy rights simply to irritate a company that they feel has mistreated them.

As well as this, consumers don’t trust the companies have the capability to properly comply with the requests. 

79% believe that organisations won’t be able to find and/or delete all of the personal data that is held on them, and a fifth believe that businesses will only be able to deliver up to 50% of the personal data they hold.

Palmer added: “It’s imperative that businesses embrace technology that can help them respond to these requests quickly, with a high degree of accuracy. This means having the ability to see, protect and access all of the personal data they hold regardless of where it sits within their organisation.

”Businesses that fail to recognise the importance of responding effectively and efficiently to personal data requests will be putting their brand loyalty and reputation at stake.”