British businesses could be overloaded by up to 37 million requests for personal data to edited or deleted when a new regulation comes into force in May, according to results from a survey by Crown Records Management.
The EU General Data Protection Regulation, which comes into force on May 25, will give all EU citizens greater rights over their personal data. This includes a right to ask for their data to be edited or deleted – as part of a so-called ‘right to be forgotten’.
Now businesses are bracing themselves for exactly what this means, and how much it will cost them.
The survey by the global information management specialists has revealed some stunning results when it comes to how many people could ask for their data to be removed or altered.
The results, after more than 2,000 people were polled by Censuswide across the country, revealed:
- A massive 71 per cent said they would (either definitely or possibly) ask a company to edit or delete their data when the new regulation comes into force. In an adult UK population of 52.6 million this could result in an incredible 37.3 million requests.
- Only eight per cent gave a straight ‘no’ when asked if they would want data edited or deleted.
- More than 34 per cent of 25-34 year-olds said they would definitely ask for their data to be edited or deleted.
- More than half of directors said they would definitely ask for their personal data to be changed or removed.
- A massive 57 per cent of those working in the legal profession said they would definitely want data edited or deleted – with another 29 per cent saying they would ‘possibly’ do so.
David Fathers, Regional Manager at Crown Records Management said: “We were all aware that the public is increasingly interested in how their personal data is used and increasingly aware of its value and the dangers of its misuse.
“But for so many people to indicate they will ask for data to be edited or deleted will come as a shock to many businesses.
“Even if only the 25 per cent who answered ‘definitely’ follow through with that intention then we could be looking at more than 16 million requests – which is an eye-watering figure.
“The likelihood is that the number of requests will, more than likely, be much less– what people say they will do and what they actually action is often different. But the results show that the data climate is changing and should nevertheless be a warning to businesses of what lies ahead.
“Companies should already know what data they have, where it is, how it can be accessed and how it can be edited. But the GDPR regulations will make this mandatory. A full data audit now before the regulation comes in is the very minimum required to start the preparation process.
“There are also significant budget implications to consider if they are going to cope with the volume of requests which come their way. You have only to look at the impact that Freedom of Information Requests have had on some businesses and public bodies to know that this may require an entire new department to help deal with the issue.”
1 Financial, banking and credit card information – 68 per cent
2 Data held for marketing, mailing lists etc – 66 per cent
3 Name, address, email address – 56 per cent
4 Health and medical data – 56 per cent
5 Basic personal information, e.g. name, address, date of birth – 53 per cent
6 Credit rating – 53 per cent
7 Shopping and purchasing history – 52 per cent
8 Date of birth – 46 per cent
9 Membership of organisations or political groups, trade unions etc. – 45 per cent
10 Performance history at work, e.g. appraisals – 44 per cent
11 Sexual orientation – 36 per cent
12 Racial or ethnic origin – 34 per cent
13 Criminal record – 34 per cent