UK public no longer trusts online businesses with its data

The public's trust in online businesses has been destroyed following an increasing number of high profile data breach disclosures over the past year, leading many customers to boycott companies entirely.

That's according to research conducted by RSA, which also found that almost a quarter of those interviewed had become numb to the idea of data loss, no longer shocked by news of fresh data breaches. Almost 35% of respondents said they had lost trust in the ability of companies to protect user data, and had resigned themselves to the likelihood that their information would be stolen eventually.

"When you read headline after headline of high profile data breaches, it is easy to despair and lose trust in businesses' ability to look after our data," said Rashmi Knowles, CTO EMEA at RSA. "Things are only going to get worse once mandatory breach notification is introduced under the GDPR, as these breaches will become even more public."

"We can see some consumers are already boycotting companies that mishandle data, so this should be a real wake-up call - particularly when you add that to the potential penalties that could be imposed," added Knowles.

The General Data Protection Regulation (GDPR), set to come into force in May 2018, will attempt to harmonise data protection compliance by enforcing stricter rules around the handling of personal data. It will be the single biggest shake-up to data protection since the creation of the 1998 Data Protection Act.

As part of the new regulations, it will soon be mandatory for businesses to disclose any breach that has led to the loss of user data within 72 hours. However, the fact that businesses will soon need to be more accountable and transparent in their processes doesn't seem to be filtering down to the consumer.

Of the 2,045 consumers surveyed, only 15% had heard of GDPR and the changes it will bring. Once informed, 53% said that the proposed fines under GDPR were fair. However, one in five believe they do not go far enough, and that customers should be financially compensated if their data is stolen in a breach.

The Right to be Forgotten

That disconnect is likely to narrow under GDPR, as businesses will be forced to become more transparent and inform customers of their rights as data subjects. However, empowered by GDPR, those customers who distrust online businesses could actively block the use of their data through schemes such as the 'Right to be Forgotten'.

This, according to Nailah Ukaidi, an independent information governance practitioner speaking at an RSA panel event in London, could prove to be a significant obstacle for businesses adapting to new customer expectations.

"With the 'Right to be Forgotten' rule, following efforts by Google, people started to use it, and now that it's much clearer in the regulations, I think there'll be a lot more use of that," said Ukaidi.

"And with the government's proposals around allowing people to erase their Facebook lives... people are jumping at that. This has massive implications for customers and their expectations... and I think those are the areas where the ICO will look at."

The Information Commissioner's Office (ICO) will ultimately be one of the bodies responsible for enforcing GDPR compliance in the UK, and will be firmly on the side of the customer.

"The ICO is there to provide enforcement from a customer's perspective, and where they will look at enforcing fines is where there has been real damage or distress caused to the data subject," added Ukaidi.

Chris Daly, CEO of the Chartered Institute of Marketing and also present at the London panel, explained that the GDPR should be worn like a "badge of honour" - an opportunity for businesses to change their relationship with the customer.

"Honesty and transparency should be at the core of the relationship between the customer and the organisation," said Daly. "I think it's not only the right thing to do, but also the customers are expecting that. It's a case of organisations taking on the responsibility and becoming more professional in their dealings with their customers."

Contributor

Dale Walker is a contributor specializing in cybersecurity, data protection, and IT regulations. He was the former managing editor at ITPro, as well as its sibling sites CloudPro and ChannelPro. He spent a number of years reporting for ITPro from numerous domestic and international events, including IBM, Red Hat, Google, and has been a regular reporter for Microsoft's various yearly showcases, including Ignite.