Following the implementation of GDPR today, consumers are expected to reward and punish organizations for data protection, a Veritas study has found.
Two in five of UK consumers believe most businesses do not know how to protect their personal data and are willing to take resolute steps to ensure those companies are penalized.
Out of the 12,500 consumers across 14 countries that were tested, it revealed consumer tactics to avoid data safeguarding issues.
Key results include:
- 94% said they are concerned about how their data is shared with companies and third parties
- 79% of consumers would tell their friends and family to boycott the organization (should they have data protection issues)
- 46% of respondents say they would spend more money with organizations they trust to look after their data with 21% willing to spend up to 25% more with a business that are willing to take data protection seriously.
“As consumer demand more transparency and accountability from businesses, the ‘new norm’ will see consumers rewarding those organizations that have good data hygiene practices in place while punishing those that don’t,” said Tamzin Evershed, senior director and global privacy lead, Veritas.
“Businesses must be seen as trusted custodians of data if they want to reap the rewards associated with building consumer confidence,” she added.
“The reason we did this report was because we found that many organizations were focusing on GDPR for the organization, rather than how consumers would view it,” Jason Tooley, Veritas vice president, explains to journalist Dave Beach.
The Global Treasurer asked Nicola Howell, senior data and compliance attorney, Dun & Bradstreet, about how consumers view data breaches and who should be held to account:
How easily redeemable is a company’s reputation if they have been entangled in data protection issues?
“With the proliferation of social media and a heightened focus on transparency, organizations are increasingly under the spotlight when it comes to data protection. This increased focus, coupled with more comprehensive data protection legislation, means that data breaches often make headline news.
“In addition to any financial penalties, the reputational damage to companies can have a significant impact on their bottom line or stock price.
“Whilst it may not be possible to protect against every eventuality, if a company has the right procedures in place, and makes data protection compliance part of their culture, then this can help to mitigate the negative impact of any breach that may occur.”
In a business, who should be chiefly responsible for ensuring customers’ data is protected?
“It’s more about a business taking data protection seriously, making it part of the culture of the organization and dedicating an appropriate level of resource and investment.
“The GDPR lists situations where a data protection should be appointed, but at the end of the day the public will consider a board member responsible if something goes wrong.”
With the new law coming into effect today with subsequent Information Commissioner’s Office (ICO) enforcement, it would be of interest to understand if consumer concern is remedied or if another organization will fall short in data protection.