There’s more to GDPR than just fines

From Yahoo’s admission that all three billion of its users’ accounts had been compromised, to the massive hack that exposed the data of 57m Uber customers and drivers, a number of high profile data breaches have hit the headlines in 2017.

And lest we forget, the massive fallout from consumer credit reporting agency Equifax is already fading into memory as it is overtaken by new revelations every day.

It’s perhaps little wonder then that members of the public are becoming increasingly concerned about the privacy and safety of their personal information, especially online.

According to our own research into consumer perceptions of data privacy and the EU General Data Protection Regulation (GDPR), half of UK consumers claim not to trust anyone with protecting their personal information anymore.

A similar number believe that businesses don’t care about their digital privacy.

Worryingly, almost three quarters of those surveyed were concerned that their personal information had been made available for sale online by cyber criminals, or at least for nefarious purposes.

Fortunately, however, the research also reveals that, with the implementation of GDPR just months away, three quarters of consumers believe increased regulation will improve the privacy of their online data.

Consumer power

When GDPR comes into force in May next year, it brings with it the potential for crippling fines of up to four per cent of an organisation’s annual turnover, or €20m (whichever is greater).

These large fines are reserved for the most gross and flagrant misbehaviour, and are unlikely to be levied soon or lightly. But still these new provisions and tight controls demonstrate how seriously the regulators now consider consumer privacy.

Make or break

Massive penalties aside, non-compliance could also place organisations at risk of reputational damage, loss of business, and even legal action from consumers – because when GDPR is in force, consumers will hold the power.

Not only will consumers have the right to ask what personal data an organisation holds, where that data is stored, and who it’s being shared with – but they’ll also have the right to ask for it to be removed entirely from that organisation’s data stores.

The risk is real

This risk is real, and possibly more troubling than regulator fines.

Driven by a concern over data privacy and a level of awareness of GDPR itself (over a third of respondents to our survey claimed to have heard of the regulation), businesses face the risk of their customers taking matters into their own hands.

For example, our research shows that, while two thirds of UK consumers suggested they might report a non-compliant organisation to the relevant industry watchdog, three in five said they would actually consider legal action.

Beyond the legislation

With the enforcement of GDPR looming large, and the public becoming increasingly aware of where and how their data is being used, organisations have more of a duty of care than ever before to reassure their customers that it is in safe hands.

GDPR should be viewed as more than just legislation.

Its implementation will undeniably bring with it pain points, red tape, and additional administrative concerns for businesses.

But it will also bring an opportunity for forward-thinking organisations to promote themselves as trustworthy; a point of difference in a competitive marketplace. In the current climate, where the safety and protection of consumer data are of paramount importance, customer trust and loyalty can make or break a business.

Those companies that have put more time and effort into preparing for May 2018 will stand a much better chance of success than their competitors. Businesses still have time to ensure they’re fit for GDPR, but the clock is ticking.