Companies bracing themselves for the next wave of data requests under GDPR have been alerted to the emergence of a North-South divide when it comes to which UK consumers are more likely to assert their new data rights.
A study, conducted by Wilmington Millennium, quizzed 2,000 consumers over their actions since the introduction of the new regulation in May last year.
Specifically, the researchers asked three key questions:
– Had they contacted an organisation and asked them to delete their personal information?
– Had they contacted an organisation to discover what information it held on them?
– And, finally, had they contacted the Information Commissioner’s Office to make a complaint about an organisation in the belief they had unfairly processed their data or obtained it illegally?
The study reveals that a fifth of consumers (equivalent to 10 million people) were found to have contacted an organisation in a bid to have their personal details deleted and 9% (4.7 million) contacted an organisation to find out what information was held on them.
However, it is the ICO which has faced the biggest deluge, with 8% of those surveyed claiming to have contacted the regulator to report a suspected infringement – equivalent to a staggering 4.2 million people.
When it comes to regional differences, people living in Sheffield were found to be the most concerned about their data protection, ranking first or second across all three questions.
While a quarter (25%) of Sheffield residents had made a deletion request, 16% had found out what information was held on them and a further 16% had contacted the ICO with a complaint. Londoners were also found to be more motivated to protect their personal information than average, with 15% contacting a company to request their data file and 14% contacting the ICO.
People living in the West Country were the least likely to take any action around data protection, with one notable exception. Bristolians were found to be the most likely at 28% to ask an organisation to delete their data. However, they were among the least likely (4.3%) to find out what information was held on them, along with residents of Brighton (3.3%) and the least likely to complain to the ICO (2%).
People from Cardiff were the second least likely group to complain to the ICO (2.5%). In addition, residents of Plymouth were among the least likely to ask a company to delete their data (10%). The East and West Midlands and East Anglia were largely found to follow the average, although residents of Birmingham were 5% more likely to complain to the ICO than average.
Wilmington Millennium product director Karen Pritchard said “Broadly speaking, we are seeing a North-South divide emerge. With people in the North more likely to take action and people in the South being less likely – except for those living in London, who take a more Northern approach to their data protection rights.
“As GDPR moves into its second year, the ICO has announced that it will be looking to make more proactive compliance audits and, as a result, it is crucial for organisations to ensure that they keep up to date with compliance and that their customer data is as up to date as possible.”
Pritchard’s point is reinforced by Alchemetrics chief executive Dave Gurney, who said: “Now that we’ve passed the one year anniversary, work cannot just come to a halt. If anything this is where the harder work begins – maintaining compliance. This is particularly important since EU watchdogs have publicly stated that as they have become sufficiently staffed to cope with the number of complaints received they will become more active in performing proactive audits to determine how complaint most organisations are.
“When it comes to outsourcing we’ve noticed a trend in clients choosing to use data providers that hold additional certifications which have been independently assessed, such as ISO27001. These provide the assurance that data will be handled correctly, and in line with the regulations.Whatever the next 365 days will bring, what is certain is that data management and customer privacy will continue to be key concerns for organisations and demonstrating compliance will be vital.”
GDPR one year on: Data is now a major boardroom issue
The big rebuild: marketing data back to pre-GDPR levels
Data breach complaints soar by 160% in three months
Retailers and social media sites face GDPR data exodus
The dam bursts: companies hit by flood of data requests
GDPR zero hour: Now the hard work begins say experts