Data law 'grey areas' give UK firms the heebie-jeebies

Almost two-thirds of UK businesses are not entirely confident in their compliance with domestic and EU regulation around data protection and cookie banners, with those in the charity sector the least assured in their practices.

So says a new study from European privacy tech company Usercentrics, which reveals that, despite consumers placing more and more value on solid data privacy practices, only just over a third (37%) of businesses say they are completely confident they are compliant with current privacy regulation.

Finance and insurance as well as software businesses are most confident in their compliance levels, while agriculture, government and public administration, and non-profit institutions present with the lowest confidence levels.

While the UK Information Commissioner’s Office has confirmed it is taking a “less is best” approach to enforcement, businesses cited the need for both clearer regulation without ‘grey areas’ (43%) and better internal resources to keep up to speed with regulatory changes (43%).

Having a designated person or team in charge of managing the process was cited by one-third of businesses (36%) as something that would further increase confidence in compliance with current regulations.

The survey of 600 businesses across the UK, Germany, Italy and Spain found that there were significant differences between small and large companies on the main drivers to ensure compliance.

Small businesses mostly fear that lack of compliance may result in losing the trust of their customers (38%), while over half (52%) of large businesses also fear the loss of trust, they are also concerned about the damage non-compliance may do to their public image (42%).

Usercetrics senior privacy expert Tilman Harmelig said: “Consumers are increasingly aware of data collecting and sharing practices and are adopting a zero-tolerance policy to poor data management.

“Their privacy is one of their highest priorities and brands that are not valuing this, are at risk of losing their customers’ trust quickly. Companies should be mindful that consent banners are the control centre for consumers to manage the data flow to the brands they interact with. If brands don’t ensure these control centres are designed in a transparent and compliant way, fines are the least of their problems.

“That is why we advocate for a privacy-first approach, an approach we call privacy-led marketing. It helps businesses gain control over their consent management in a way that ensures compliance and strengthens customer trust through transparent data management practices.”