New research from RSA discovered that only 15 percent of respondents have heard of the EU General Data Protection Regulation (GDPR), while 76 percent have heard of the UK Data Protection Act.
The RSA research, conducted in May, surveyed 2,045 UK consumers. It found that more than half (53 percent) believe the fines proposed under the EU GDPR (up to €20m or 4 percent of annual turnover, whichever is higher) are fair.
In addition, 28 percent said they have chosen to boycott companies that mishandle data, using more secure alternatives instead.
Rashmi Knowles, Field CTO, RSA, said:
“When you read headline after headline of high profile data breaches, it is easy to despair and lose trust in businesses’ ability to look after our data. Things are only going to get worse once mandatory breach notification is introduced under the GDPR, as these breaches will become even more public.
“We can see some consumers are already boycotting companies that mishandle data, so this should be a real wakeup call – particularly when you add that to the potential penalties that could be imposed. Organisations can no longer see data breaches as an abstract tech or IT problem; boycotts and penalties are serious business risks and should be a board-level business issue. Make no mistake, there will be businesses that will never fully recover from such a fine, if they don’t go out of business entirely. We will all know of the EU General Data Protection Regulation then.”
Richard Porter, UK Sales Manager at Human Inference, added:
“GDPR has primarily been viewed as a data security challenge, but overlooking data management concerns puts organisations at risk of falling foul of the new rules. To ensure compliance, there are five key data management principles to follow. First off, make sure that all data is stored appropriately. Data cannot be stored after it has served its initial usefulness, and must be removed promptly. Next, businesses need to give all customers access to their own data. When a legitimate request is made, they must provide ready, comprehensive access to all relevant information.
“It’s also critical to be able to amend inaccurate data; this means opening up the personal data to modification by consumers. A consumer also has the right to obtain the erasure of personal data. While this is only permitted under specific grounds, when a genuine request is made organisations need to act quickly. Last, but not least, organisations need to remember that the consumer has the right to transmit any personal data to another organisation without hindrance.
“The five principles highlight a single risk. If customers’ data is fractured and inconsistent, organisations will have less unified control, without which it will be much more difficult to meet GDPR demands. The aim should be to create a single ‘Golden Record’ for each customer: a unique overview that describes the individual’s personal details and any other contextual information in an easy-to-share format. If the organisation is confident there is no potentially sensitive data out of its control, then it will not only be compliant. It will also create a single view of the customer that can support smart data management across the business.”
Originally published on GDPR.Report