• Contact DPO Centre
  • 0203 797 1289
  • hello@dpocentre.com
DPO CentreDPO CentreDPO CentreDPO Centre
  • * Join Us *
  • Services
    • Outsourced Data Protection Officer
    • Article 27 EU and UK Representation
    • Consultancy
    • Interim Support Services
    • Return-to-Work Compliance Check
    • Training
    • Advice Line
    • The Data Security and Protection Toolkit (DSPT) Audit
    • Caldicott Guardian
    • Services for Schools
  • Sectors
    • Finance &
      Insurance
    • Medical &
      Healthcare
    • Software &
      Technology
    • Retail &
      eCommerce
    • Education
    • Charities &
      not-for profit
  • Case Studies
  • About Us
    • About Us
    • Our Team
    • Benefits of Outsourcing
    • *Join the Team*
    • Events
    • News
  • Blog
  • Resources
    • UK Data Protection Index
    • DSAR White Paper
    • COVID-19 Remote Working Tips
    • GDPR Basics
    • Why you need a Data Protection Officer
    • Why you need GDPR Representation
    • GDPR Policy Toolkit
    • The impact of Brexit on GDPR
    • Christmyths
    • The Full GDPR Text
  • Contact us
  • Home
  • Data Protection
  • The DPO Centre’s Research Results – 7 steps for handling customer data
Accountability guidance blog part 3
ICO Accountability Framework: Part 3
December 11, 2020
EUDP Guidance Controller Processor Blog
Updated EDPB Guidance on Controllers and Processors – Part 1
January 11, 2021

The DPO Centre’s Research Results – 7 steps for handling customer data

December 28, 2020
Categories
  • Data Protection
  • DSARs
  • GDPR
Tags

In 2018, the GDPR was introduced to help provide consumers with more control and transparency around how their data is used. Since then, companies have had to implement a wide range of measures, with considerable time investment and financial cost, to ensure that they are handling consumers’ personal dataInformation which relates to an identified or identifiable natural person.... safely and securely. This has been a lengthy processA series of actions or steps taken in order to achieve a particular end.... which has been complicated further by the pandemic and the rush to the virtual world.   

In November this year, the DPO Centre commissioned research into consumers’ views on how companies are handling their personal data, hoping to gain insight into whether the work that companies have put into data protection has increased consumer trust in their data processing activities. The results of this research, conducted by Opinium Research, reveal that 44% of UK adults believe that their personal data has been mishandled by companies, suggesting that a large number of people remain concerned about how their personal data is being processed.  

The above statistic reveals a distinct lack of trust between consumers and companies, something that is also reflected in the fact that when asked, over half (54%) of respondents said that they believe companies collecting personal data for the purpose of NHS Track and Trace are also using it for other purposes. Of those that think companies are using their personal data for reasons other than Track and Trace, 40% believe they are probably are doing this, whilst 14% say that they definitely are.  

Despite a significant number of people thinking that their data has been mishandled, only one in ten said that they have considered submitting a Data Subject Access RequestA verbal or written request made by a data subject to: access their data (in a portable format if requested), be informed about how it is used, to have their data modified if it is incorrect, or to have it deleted.... (DSAR). Those aged between 18 and 34 years old are most likely to have considered submitting a DSAR (20%), compared to those aged 35-54 (14%) and 55+ (4%). The low number of people that have considered this course of action is perhaps indicative of the fact that people are either not aware of their rights, or unsure how to exercise them. However, as time goes on and awareness increases, it is probable that the rate of people submitting DSARs to companies will increase, so companies need to be ready for this. Awareness of data protection and data subjectAn individual who can be identified or is identifiable from data.... rights may well be accelerated by the pandemic, as the handling of NHS Track and Trace data has pushed data protection to the forefront of many people’s minds that previously may not have considered it to be a pressing issue. 

Commenting on these results, Rob Masson, CEO at The DPO Centre, says “Companies should expect DSAR requests to increase over the coming years as one of the fallouts from the pandemic. However, they could be a costly and lengthy process that companies can easily avoid if they put the right procedures in place. An easily accessible privacy policy that explains clearly how customers’ personal data is used can often help to allay concerns that could otherwise lead to a DSAR.” 

Conclusion 

Overall, these results indicate that companies need to be doing much more to reassure customers that their data is safe and being stored and processed correctly.  

Rob Masson, CEO at The DPO Centre, concludes that “Our research reveals that businesses need to show customers that they are collecting their information in a secure and transparent way.” Being transparent with consumers is essential to gaining their trust and confidence that you are dealing with their data in the correct way.  

Below, we list seven steps that companies should take when handling consumer data that will help demonstrate to their consumers that they are taking their data protection obligations seriously:  

  1. Be open and honest about the personal data you collect and how it is used by publishing the details in your privacy noticeA clear, open and honest explanation of how an organisation processes personal data.... 
  2. Ensure your privacy notices and policies are reviewed regularly and kept up to date 
  3. Make it easy for data subjects to exercise their rights and freedoms by providing them with an easy way to contact you 
  4. Respond to data subjects’ rightsUnder UK data protection regulation, data subjects have a number of rights available to them – to be informed, access, rectification, erasure, restrict processing, data portability, to object and further rights in relation to automated decision making and profiling.... requests without undue delay and within statutory timescales, usually one month from identity verification 
  5. Take a proactive approach to safeguarding data subjects’ rights by employing data protection by design and default (‘privacy by design’) principles when introducing new technology and processes 
  6. Understand the potential ramifications of the UK failing to achieve an adequacy decision and how to ensure that international dataflows can continue 
  7. Check whether you are legally required to appoint an EU Representative after Brexit (if you process data on EU residents but don’t have a presence in the EU) 

 

NB: This research was conducted by Opinium Research, 13-17 November 2020 based on a 2,000 nationally representative weighted sample. 

Enquire

Fill in your details below and we’ll get back to you as soon as possible

Alternatively click one of the options below to speak to us

 

Email Call

Share

Related posts

January 25, 2021

What is Adequacy?


Read more
EUDP Guidance Controller Processor Blog
January 11, 2021

Updated EDPB Guidance on Controllers and Processors – Part 1


Read more
Accountability guidance blog part 3
December 11, 2020

ICO Accountability Framework: Part 3


Read more

Contact us

The DPO Centre Ltd
Head Office: 50 Liverpool Street, London, EC2M 7PR
The DPO Centre (Europe): Alexandra House, 3 Ballsbridge Park, Dublin, D04 C7H2, Ireland
Registered Office: Suffolk Enterprise Centre, Felaw Street, Ipswich, IP2 8SJ
Telephone: +44 (0) 203 797 1289
Company Number: 10874595 VAT: GB 275694357

More information

  • Contact us
  • Sitemap
  • Privacy Policy
  • Cookie Notice

 

© 2021 DPO Centre. All Rights Reserved.