Fears that companies are facing a mass wave of subject access requests under GDPR have been heightened following the publication of a new study which claims that up to 37 million people could exercise their right to have their information either deleted or changed when the regulation comes into force on May 25.
Crown Records Management polled over 2,000 people in the UK, and found that 71% plan to definitely or possibly ask a company to wipe out or edit their data when GDPR is implemented. Only 8% said they would not.
This represents a major increase on a survey carried out last year by SAS, which showed that nearly half (48%) plan to activate new rights over their personal data.
Extrapolated against the UK population of 52.6 million, the latest results could mean companies across the UK will receive a staggering 37.3 million requests, although as consumer awareness of GDPR is still low, many will point out that is simply scaremongering.
There have already been claims that the so-called “right of access” could spark compensation payments that will make the final PPI claims bill – of over £30bn – look like a drop in the ocean. Again, this has been dismissed by some data protection experts.
But Crown Records Management regional manager David Fathers points out that even if only a fraction of that figure carry out the threat it will still be a major headache for most companies.
He said: “We were all aware that the public is increasingly interested in how their personal data is used and increasingly aware of its value and the dangers of its misuse.
“But for so many people to indicate they will ask for data to be edited or deleted will come as a shock to many businesses. Even if only the 25% who answered ‘definitely’ follow through with that intention then we could be looking at more than 16 million requests – which is an eye-watering figure.”
Firms face bombardment of data requests under GDPR
Up to 10 million eye GDPR data compensation pay-out
Data compensation claims ‘could run into millions’
Insurance firms face deleting ‘two-thirds of their data’
GDPR compensation to dwarf £30bn bill for PPI claims
Half of all firms still not compliant with 1998 data laws