Businesses face far more than just fines for non-compliance with GDPR
London, UK – 16 November, 2017 – Thales, a leader in critical information systems, cybersecurity and data security, announces the results of its research on the EU General Data Protection Regulation (GDPR). The report, based on research by Censuswide and sponsored by Thales, captures the perceptions of consumers and businesses on the preparedness levels of organizations in Europe and the United States for the May 2018 GDPR compliance deadline, as well as the new regulation’s business impact.
Half of UK consumers don’t believe commercial organisations care about their privacy, and many are prepared to take legal action against businesses that don’t comply with the EU General Data Protection Regulation (GDPR). At the same time, businesses are concerned the new data privacy regulations will have a negative impact on their operations and international relations.
Intended to improve personal data protection and increase accountability for data breaches, GDPR is perhaps the most comprehensive data privacy standard to date. However, the regulation presents a significant challenge for organisations that process the personal data of EU citizens, regardless of where the organisation is headquartered.
Half of UK consumers (50%) claimed not to trust anyone with protecting their personal information, and a similar number (49%) expressed a belief that businesses didn’t care about their digital privacy.
Perhaps as a result of recent high-profile breaches, only one in five (20%) of UK consumers claimed to trust financial institutions with their information, while just 23% said they trusted healthcare providers.
Retailers were only trusted by 6% of consumers in the UK, and perhaps with good reason. Thales eSecurity’s 2017 Data Threat Report revealed that two in five retailers globally have experienced a data breach in the past year, and that a third had suffered more than one.
More worryingly, 70% of UK consumers believe their information has been made available for sale online by cyber-criminals.
However, with the EU GDPR’s implementation just six months away, three quarters of UK consumers (76%) believe increased regulation will improve the privacy of their online data.
Taking back control
While the GDPR is understandably a hot topic among businesses across the EU, the research revealed that more than a third (37%) of UK consumers had heard of it and that almost two thirds (57%) of these could explain it to some degree.
Aware of the GDPR, and what it means for the privacy of their information, consumers appear to be willing to take a stand against those organisations that fail to comply with the regulation, with three in five (58%) of UK respondents claiming they would at least consider legal action.
More than three quarters (79%) of respondents said they would consider taking their business to another company if the one they were dealing with did not comply with the regulation, while 69% suggested they might report a non-compliant organisation to the relevant industry watchdog. Three quarters of UK consumers (77%) suggested a failure to comply with the GDPR would negatively impact their perception of an organisation.
The survey revealed a number of reasons why organisations may have more to fear from the GDPR than just consumer action and financial penalties.
- 63% of UK-based organisations believe that implementing measures to become GDPR-compliant will increase the level of complexity and red tape within their business.
- Almost half (49%) are concerned that the GDPR will hinder their organisation’s innovation to some degree.
- One in five (21%) expect GDPR to have a negative impact on relationships with their international partners.
- Interestingly, while around one in five UK businesses (22%) believe the GDPR will lead to fewer data breaches, almost a third (32%) are concerned that its implementation will actually result in an increased number of breaches.
Despite these concerns, more than a third of UK organisations (37%) remain optimistic that the GDPR will have no effect on their business operations whatsoever.
Jim DeLorenzo, Solutions Manager, GDPR, Thales eSecurity says:
“As a result of recent and ongoing data breaches, digital privacy remains top of mind for consumers. With the deadline for enforcement of the GDPR fast approaching, law firms and compensation companies will begin to focus their efforts on fighting for consumer rights, and organisations could find themselves facing multiple legal challenges in addition to the hefty fines levied by the regulation, some of which will achieve national media attention. The GDPR is a change of legislation that well and truly puts the onus on organisations to get their houses in order, and the clock is ticking…”
To help make sure your business is fit for GDPR, Thales eSecurity has compiled a series of useful resources, which you can find at https://gdpr.thalesesecurity.com.
Download your copy of the Thales eSecurity report, “Protecting private personal data – why there’s more to the GDPR than just fines”, at http://go.thalesesecurity.com/GDPR-Survey-Protecting-private-personal-data-Why-there-is-more-to-the-GDPR-than-just-fines.html
For industry insight and views on the latest data security trends, check out our blog. You can follow Thales eSecurity on Twitter, LinkedIn, Facebook and YouTube.
Thales eSecurity commissioned the survey among 2,000 consumers in the UK and Germany (1,000 in each region), and 1,500 C-level executives in the UK, US and Germany (500 in each region). The research was conducted online by polling company Censuswide, an international research organisation, in August 2017.
About Thales eSecurity
Thales eSecurity is the leader in advanced data security solutions and services, delivering trust wherever information is created, shared or stored. We ensure that company and government data is secure and trusted in any environment – on premises, in the cloud, in data centres and in big data environments – without sacrificing business agility. Security doesn’t just reduce risk; it’s an enabler of the digital initiatives that now permeate our daily lives – digital money, e-identities, healthcare, connected cars and with the internet of things (IoT) even household devices.
Thales provides everything an organization needs to protect and manage its data, identities and intellectual property and meet regulatory compliance – through encryption, advanced key management, tokenization, privileged user control and meeting the highest standards of certification for high assurance solutions. Security professionals around the globe rely on Thales to confidently accelerate their organization’s digital transformation. Thales eSecurity is part of Thales Group.
Thales is a global technology leader for the Aerospace, Transport, Defence and Security markets. With 64,000 employees in 56 countries, Thales reported sales of €14.9 billion in 2016. With over 25,000 engineers and researchers, Thales has a unique capability to design and deploy equipment, systems and services to meet the most complex security requirements. Its exceptional international footprint allows it to work closely with its customers all over the world.
Positioned as a value-added systems integrator, equipment supplier and service provider, Thales is one of Europe’s leading players in the security market. The Group’s security teams work with government agencies, local authorities and enterprise customers to develop and deploy integrated, resilient solutions to protect citizens, sensitive data and critical infrastructure.
Thales offers world-class cryptographic capabilities and is a global leader in cybersecurity solutions for defence, government, critical infrastructure providers, telecom companies, industry and the financial services sector. With a value proposition addressing the entire data security chain, Thales offers a comprehensive range of services and solutions ranging from security consulting, data protection, digital trust management and design, development, integration, certification and security maintenance of cybersecured systems, to cyberthreat management, intrusion detection and security supervision through cybersecurity Operation Centres in France, the United Kingdom, The Netherlands and soon in Hong Kong.