PORT.im’s survey of 100 business leaders has revealed that there is widespread misunderstanding of GDPR and data protection rules.
The research reveals only 27 per cent of businesses believed GDPR applied to their business, despite 73 per cent answering that they collected personal data on their customers – a strong indication that GDPR does apply.
Fifty-five per cent answered that they were unaware of GDPR – mirroring recent surveys that have continually shown that the majority of UK businesses are unaware of the new regulations.
Worryingly, only 35 per cent of businesses have a record of consent to store their customers’ data, 7 per cent never ask for consent and 19 per cent said they sought permission but have no record. A further 33 per cent of businesses believed they did not need a record of consent to collect and store their customers’ data.
Regarding security, 23 per cent thought they did not need to securely store and encrypt customer data, 13 per cent did not know whether they did or not, and 26 per cent believed their data was secure but admit it was unencrypted.
GDPR, which comes into force in May 2018, will allow people much more control over the data that organisations hold on them. They will be able to request, amend and delete personal data. Organisations will also need to get explicit, informed consent to hold data and contact consumers. Failing to comply with GDPR could result in a €20 million fine or 4 per cent of global turnover (whichever figure is higher) and potentially lead to reputational damage and a loss of business.
Julian Saunders, CEO and founder of PORT.im, says, ‘The headline figure that more than half of businesses are unaware of GDPR isn’t shocking – it’s in line with many surveys conducted throughout the year. What is concerning is that this figure does not appear to have changed much despite all the publicity surrounding GDPR. We believe this is because most businesses have little understanding of their current responsibilities surrounding customer data and, therefore, think they are immune to legislative changes.
‘It really is crazy that so few companies seek permission to collect and store data. Add to this the lack of data security and general awareness and it’s really not surprising we have had so many data breaches this year.
‘My message to business owners is that they need to get smart fast. Acting responsibly and ethically with customer data is a crucial way to protect and enhance brand reputation and ensure customer trust.’
Previous research by PORT.im reveals 78 per cent of consumers have recently been contacted by a business without their consent, 70 per cent have not heard of GDPR and 61 per cent would not share data even if they directly benefit.