As new European privacy rules are set to be enforced in May this year, there is still widespread confusion, with only 27% of businesses believing GDPR applies to them and 7% failing to ask for consent to collect customer data.
A survey of 100 business leaders by PORT.im, a SaaS General Data Protection Regulation (GDPR) compliance solution, has revealed that there is widespread misunderstanding of GDPR and data protection rules.
The research revealed that only 27% of businesses believed GDPR applied to their business, despite 73% answering that they collected personal data on their customers – a strong indication that GDPR does apply.
55% answered that they were unaware of GDPR – mirroring recent surveys that have continually shown that the majority of UK businesses are unaware of the new regulations.
Worryingly, only 35% of businesses have a record of consent to store their customers’ data, 7% never ask for consent and 19% said they sought permission but have no record. A further 33% of businesses believed they did not need a record of consent to collect and store their customers’ data.
Regarding security, 23% thought they did not need to securely store and encrypt customer data, 13% did not know whether they did or not, and 26% believed their data was secure but admitted it was unencrypted.
GDPR, which comes into force in May 2018, will allow people much more control over the data that organisations hold on them. They will be able to request, amend and delete personal data.
Organisations will also need to get explicit, informed consent to hold data and contact consumers. Failing to comply with GDPR could result in a fine of €20 million or 4% of global turnover (whichever figure is higher) and potentially lead to reputational damage and a loss of business.
Julian Saunders, CEO and founder of PORT.im, said: “The headline figure that more than half of businesses are unaware of GDPR isn’t shocking – it’s in line with many surveys conducted throughout the year. What is concerning is that this figure does not appear to have changed much despite all the publicity surrounding GDPR. We believe this is because most businesses have little understanding of their current responsibilities surrounding customer data and, therefore, think they are immune to legislative changes.
“It really is crazy that so few companies seek permission to collect and store data. Add to this the lack of data security and general awareness and it’s really not surprising we have had so many data breaches this year.
“My message to business owners is that they need to get smart fast. Acting responsibly and ethically with customer data is a crucial way to protect and enhance brand reputation and ensure customer trust.”
Previous research by PORT.im revealed that 78% of consumers have recently been contacted by a business without their consent, 70% have not heard of GDPR and 61% would not share data even if they directly benefit.