Irish consumers are deeply protective of their data after the introduction of the General Data Protection Regulation (GDPR), the SAS GDPR: The right to remain private research reveals. More than two-thirds plan to activate their GDPR rights within a year of the regulation coming into force and almost a fifth would do so in response to the next data breach.
GDPR came into effect in May this year, making organisations accountable for personal data protection and giving consumers significant new powers over their personal information. These new powers include the rights to access, query and erase the data held about them by organisations.
In 2017, SAS surveyed Irish consumers for their views on the regulation, revealing that more than two-thirds (69 per cent) planned to exercise their rights within a year of the regulation coming into force. While the latest research shows fewer (51 per cent) now intend to activate their rights this year, 22 per cent have already done so and the opposition of the Irish public to data misuse is strong.
One chance: the aftermath of the Facebook/Cambridge Analytica scandal
Irish customers are also highly motivated by external events. The Facebook/Cambridge Analytica data scandal has caused many to either activate their rights or to reassess the information they share. Excepting the 10 per cent who were unaware of the story, only 16 per cent said it had not changed their views on data privacy.
The overwhelming majority (90 per cent) of consumers were aware of the scandal and 74 per cent said it had caused them to either retract data permissions, plan to share less data or review how companies use their personal information.
Irish customers treat data sharing as a matter of trust and have a low tolerance for data mistakes or misuse, such as having their data shared with third parties without their consent. Almost half (48 per cent) would activate their data rights after only one mistake.
However, the research shows that companies can win customers back by respecting data privacy and consent. Customers are most trusting of organisations that promise they will not misuse their data (37 per cent) or will not share data with third parties (36 per cent).
David Smith, Head of GDPR technology at SAS UK and Ireland, said: “Though fewer consumers expect to activate their rights compared with a year ago, companies cannot afford to be complacent. Irish consumers know their rights, and organisations must be prepared for when the next widely publicised data breach occurs. For those organisations that have not yet achieved GDPR compliance, time is running out as the first batch of data demands arrive.
“Businesses that mishandle their customers’ data face more than just fines. If a disappointed consumer withdraws their data then the company loses crucial insight to deliver more personalised services and remain competitive. Sound, transparent data governance and analytics are essential, not only to achieve compliance but to deliver the first-class experiences that keep consumers coming back and remaining willing to share their data.”
A wake-up call for businesses
Not all sectors have been evenly affected by GDPR. In particular, social media companies and banks could struggle to manage the number of incoming data requests from customers. These companies are also the most likely to have customer data erased or withdrawn for marketing purposes.
Other findings from the research include:
– Around 53 per cent of consumers have or will remove their data from social media companies
– The greatest number of consumers object to social media companies (55 per cent) and banks (44 per cent) using their personal data for marketing purposes – insurers (42 per cent) and retailers (40 per cent) follow closely behind
– Receiving unwanted emails from companies is the Irish public’s most hated data mistake, with 56 per cent of consumers objecting to it
– Over half (55 per cent) of consumers also strongly object to their data being shared with third parties.