Social Media Companies and Retailers Will Receive the Most Requests from Customers to Access, Delete Personal Data
Only two months after the introduction of the General Data Protection Regulation (GDPR), a SAS survey showed that a significant number of UK and Irish consumers are activating their new personal data rights, and faster than expected.
The survey of almost 2,000 consumers in both countries found that more than a quarter (27 percent) of survey participants have already exercised their GDPR rights over personal data, and more than half (56 percent) plan to do so within the next year.
This is up from last year, when a SAS survey of UK consumers showed only 42 percent planned to exercise their rights within a year of GDPR coming into force.
“This swift response shows the level consumers value and are aware of their data privacy rights under the GDPR,” said Todd Wright, Global Lead for GDPR Solutions at SAS. “Organizations need to be ready for these customer data requests. It’s increasingly clear that in this age of increased data privacy concerns, organizations that treat their customers’ data with care will be the ones rewarded, and the ones that don’t will not only face fines but the loss of reputation as well.”
GDPR took effect May 25, making organizations accountable for personal data protection and giving consumers significant new rights over their personal data. These new rights include the rights to access, query and erase the personal data held by organizations.
Impact of the Facebook/Cambridge Analytica data misuse
At the same time, the Facebook/Cambridge Analytica data misuse story has increased awareness and interest in data privacy. Seventy-six percent of UK and Irish survey participants who were aware of the Facebook/Cambridge Analytica story have either activated their GDPR rights or at least reassessed the information they share and how organizations use it.
According to the survey, consumers view the handling of personal information as an issue of trust and have a low tolerance for data mistakes or misuse, such as having their data shared with third parties without their consent. Almost half (46 percent) of participants said they would activate their data rights after only one mistake. Nearly one-third of participants (31 percent) said that if an organization has misused their data, they will withdraw their permission to use it entirely, regardless of any assurances, offers of improved services or financial incentives.
However, the research also shows that companies can win customers back through respecting data privacy and consent. Customers are most trusting of organizations that promise they will not share data with third parties (38 percent) or misuse their data (37 percent).
Young people more willing to exchange personal data for incentives
Young people (18- to 24-year-olds) have a more open attitude toward sharing personal information. Nearly half (47 percent) say they are less likely to erase their data with a company as long as they are assured it will not be shared without consent. This compared to just 31 percent of those aged 55 and older.
Young people are also much less likely to activate their data rights if they can receive a satisfactory incentive. In a greater proportion than other age groups, young people are willing to exchange data permission for financial rewards (35 percent), free merchandise (24 percent) or more personalized services (17 percent). Adults aged 55 and older were far less willing to accept those tradeoffs: financial rewards (10 percent), free merchandise (5 percent) or more personalized services (6 percent).
A wake-up call for businesses
Not all industries have been equally affected by GDPR. In particular, social media companies and retailers have been most likely to be asked by customers to erase their customer data or withdraw it from marketing purposes.
- Almost half (44 percent) of respondents said they have or will exercise their right to have their data removed from social media companies.
- More than one third (34 percent) said they would ask the same of retailers, followed closely by banks (30 percent) and insurance companies (30 percent).
Other findings from the research include:
- The greatest number of consumers object to social media companies (48 percent) and retailers (41 percent) using their personal data for marketing purposes – banks (38 percent), insurers (38 percent), supermarkets (37 percent) and energy providers (33 percent) follow closely behind.
- Receiving unwanted emails from companies is the public’s most-hated data mistake, with 56 percent of respondents suggesting they would activate their data rights for the offense.
- More than half (54 percent) of consumers also strongly object to their data being shared with third parties and reported that doing so would cause them to activate their GDPR rights.
“Businesses that fail to respect their customers or their data risk losing that data, and their competitive advantage, hurting the bottom line,” said David Smith, head of GDPR technology at SAS UK & Ireland. “Transparent data management and analytics are crucial, not only to achieve compliance but to provide personalized customer experiences that make consumers more willing to share their data.”