Companies may be quaking in their boots over the prospect of huge fines for a data breach under GDPR but that could be a mere sideshow, according to a new study, which shows that nearly three-quarters (70%) of consumers plan to exercise their right to get a copy of the data firms hold on them.
The research, carried out by Baringa Partners, covers banking, insurance, energy, TV, phone and Internet sectors, also claims firms risk losing up to 55% of their customers – a third of which instantly – if they suffer a significant loss of personal data.
But the research also reveals that while 64% of customers currently trust companies with their personal data, specific practices, such as transparency relating to data privacy policies or using data for reasons other than its original purpose, are considered to be less important – at the moment.
There have already been claims that the so-called “right of access” could spark compensation payments that will make the final PPI claims bill – of over £30bn – look like a drop in the ocean.
And, Baringa director Daniel Golding believes customer attitudes and behaviours towards data are likely to change. When the new rules come into force and companies are required to supply a copy of all personal data on request and for free, 70% of people say they are likely to take advantage of the service.”
He insists companies urgently need to demonstrate they have strong data protection policies in place. “The introduction of GDPR will more easily expose those with insufficient or flawed practices and the consequences could be disastrous,” Golding added.
Where multiple versions of customer information are saved to different systems, companies are more exposed to the risk of hacks or unauthorised use. The potential danger to customer retention draws attention to the investment choices companies need to make now for the sake of their business under GDPR, the report authors claim.
“Companies without centralised data governance will struggle to locate and respond efficiently with their data. So, GDPR isn’t only about protection; it’s about proactively speaking to customers and explaining what data is currently held on them and why. This is a real opportunity for companies to set themselves apart.”
Firms face bombardment of data requests under GDPR
GDPR compensation to dwarf £30bn bill for PPI claims
Half of all firms still not compliant with 1998 data laws
Data compensation claims ‘could run into millions’