In 2018, the GDPR was introduced to help provide consumers with more control and transparency around how their data is used. Since then, companies have had to implement a wide range of measures, with considerable time investment and financial cost, to ensure that they are handling consumers’ Information which relates to an identified or identifiable natural person. safely and securely. This has been a lengthy A series of actions or steps taken in order to achieve a particular end. which has been complicated further by the pandemic and the rush to the virtual world.
In November this year, the DPO Centre commissioned research into consumers’ views on how companies are handling their personal data, hoping to gain insight into whether the work that companies have put into data protection has increased consumer trust in their data processing activities. The results of this research, conducted by Opinium Research, reveal that 44% of UK adults believe that their personal data has been mishandled by companies, suggesting that a large number of people remain concerned about how their personal data is being processed.
The above statistic reveals a distinct lack of trust between consumers and companies, something that is also reflected in the fact that when asked, over half (54%) of respondents said that they believe companies collecting personal data for the purpose of NHS Track and Trace are also using it for other purposes. Of those that think companies are using their personal data for reasons other than Track and Trace, 40% believe they are probably are doing this, whilst 14% say that they definitely are.
Despite a significant number of people thinking that their data has been mishandled, only one in ten said that they have considered submitting a A verbal or written request made by a data subject to access their data (in a portable format if requested), be informed about how it is used, to have their data modified if it is incorrect, or to have it deleted. (DSAR). Those aged between 18 and 34 years old are most likely to have considered submitting a DSAR (20%), compared to those aged 35-54 (14%) and 55+ (4%). The low number of people that have considered this course of action is perhaps indicative of the fact that people are either not aware of their rights, or unsure how to exercise them. However, as time goes on and awareness increases, it is probable that the rate of people submitting DSARs to companies will increase, so companies need to be ready for this. Awareness of data protection and An individual who can be identified or is identifiable from data. rights may well be accelerated by the pandemic, as the handling of NHS Track and Trace data has pushed data protection to the forefront of many people’s minds that previously may not have considered it to be a pressing issue.
Overall, these results indicate that companies need to be doing much more to reassure customers that their data is safe and being stored and processed correctly.
Rob Masson, CEO at The DPO Centre, concludes that “Our research reveals that businesses need to show customers that they are collecting their information in a secure and transparent way.” Being transparent with consumers is essential to gaining their trust and confidence that you are dealing with their data in the correct way.
Below, we list seven steps that companies should take when handling consumer data that will help demonstrate to their consumers that they are taking their data protection obligations seriously:
NB: This research was conducted by Opinium Research, 13-17 November 2020 based on a 2,000 nationally representative weighted sample.
Fill in your details below and we’ll get back to you as soon as possible