As experts in data protection law, we are eager to ensure that individuals do everything they can to protect their personal information.
A data breach can cause significant financial and emotional damage and distress to anyone whose personal information is illegally accessed, especially if it has been mishandled by an organisation you trusted.
Almost two years since GDPR was introduced as a measure to give the general public more control over their personal data, we wanted to gauge whether those in the UK and Ireland understand their rights under the legislation. Here is what we discovered.
One-in-five people don’t know what GDPR is
One-fifth (20%) of people in the UK and Ireland are not familiar with the term ‘GDPR’. Among respondents aged over 45, this figure rose to 25%.
While the majority of respondents said they know what GDPR is, gaps in knowledge were identified when asked about the guidelines. Only 28% of respondents understood what personal data could be legally kept by an organisation, while 15% wrongly said that companies were not able to keep any personal data at all.
The full list of personal data that can be kept by companies is:
- Your name
- Your date of birth
- Your address or mobile phone GPS
- Your telephone number
- An online identifier, such as IP address or email address
- The job you do
- Your racial or ethnic origin
- Identification numbers, such as National Insurance and passport
- The items you view or buy online
- Your bank details, including credit card
- The school you went to
- Information on your health
- Biometric data, such as photos and fingerprints
- Details about your partner/family
- Any Trade Union membership
- Your religious or philosophical beliefs
- Your political opinions
- Your passwords
- Details of your sex life and sexuality
The survey also identified a lack of knowledge in relation to what companies can legally do with personal data. Only 26% correctly identified that organisations are able to do the following with personal information:
- Use it to provide a service
- Use it to make a recommendation
- Use it to decide what you see online
- Use it to directly sell to you
- Sell the data to third parties
Some 14% of respondents incorrectly said that companies were not able to do anything with their personal data.
One-fifth of people have been a victim of a data breach
Our survey also revealed that 20% of participants have had their personal data exposed in an illegal breach. Of those who had been a victim of a data breach, only 7% made a claim. When asked why they hadn’t made a claim, 37% said they were not aware that they could do so, while 24% didn’t think it was a big enough concern to take legal action.
Anyone who has their data leaked due to the irresponsibility of a company is vulnerable to suffering financial losses. Regardless of how big or small these losses are, companies should be held responsible, especially if they failed in their duty to protect your personal data.
While you may not have suffered any financial losses, you shouldn’t be left worrying about your personal information being used without your knowledge. Making a claim isn’t just about reimbursing a financial loss; it can be used to compensate for any emotional distress and ensure that the organisation responsible for protecting your data puts suitable security measures in place to make sure this doesn’t happen again.
The number of people who have fallen victim to a data breach may be larger than what is reported in the survey, as 24% were not aware of their personal data being illegally accessed.
More than half of people in the UK and Ireland don’t know what a subject access request is
Despite 62% of respondents saying they do not trust companies to use their data responsibly, and 72% being greatly or somewhat concerned about organisations misusing their data, more than half (55%) of UK and Irish residents were not familiar with the means to request access to their data.
A subject access request (SAR) is a written or verbal request asking for access to personal information that an organisation holds or processes on you. You are able to make a subject access request whenever you want to any company that stores personal data. An SAR can be made for free; however, if a request is considered to be ‘manifestly unfounded or excessive’, a reasonable admin fee may be applied.
The complete survey findings
Do you know what GDPR is?
How would you rate your knowledge on GDPR?
| Not very knowledgeable | 31.53% | 251 |
| Not at all knowledgeable | 2.26% | 18 |
Do you know what a subject access request is?
Do you have to pay to make a subject access request?
To your knowledge, what personal data can organisations legally keep about you?
| Your date of birth | 59.14% | 511 |
| Your address or GPS | 51.62% | 446 |
| An online identifier | 41.78% | 361 |
| Your telephone number | 49.88% | 431 |
| Your bank details, including credit card | 19.91% | 172 |
| The school you attended | 18.17% | 157 |
| The job you do | 24.88% | 215 |
| Details about your partner/family | 15.05% | 130 |
| Items you view/buy | 21.99% | 190 |
| Biometric data, such as photos and fingerprints | 15.86% | 137 |
| Your racial or ethnic origin | 23.26% | 201 |
| Your political opinions | 7.99% | 69 |
| Your religious or philosophical beliefs | 9.49% | 82 |
| Trade Union membership | 11.69% | 101 |
| About your sex life and sexuality | 6.13% | 53 |
| None of the above | 15.39% | 133 |
| All of the above | 27.66% | 239 |
What can companies legally do with your personal data?
| Use it to provide a service to you | 62.15% | 537 |
| Use it to make recommendations | 41.90% | 362 |
| Use it to decide what you see | 29.40% | 254 |
| Use it to directly sell to you | 29.75% | 257 |
| Sell your data to third parties | 10.53% | 91 |
| None of the above | 14.12% | 122 |
| All of the above | 26.04% | 225 |
Is a company legally required to share information if there has been a data breach?
Have you ever been the victim of a data breach?
Did you make a claim for compensation?
Why did you not make a claim?
| Too much hassle | 9.58% | 16 |
| Takes too long | 2.40% | 4 |
| Don’t have a solicitor | 2.99% | 5 |
| Didn’t think it was a big deal | 23.95% | 40 |
| Didn’t know how to make a claim | 8.98% | 15 |
| Didn’t know I could claim | 37.13% | 62 |
Do you trust that organisations will use your data responsibly?
How concerned are you about organisations misusing your data?
| Neither concerned nor not concerned | 16.27% | 137 |
| Not thought about it | 2.85% | 24 |
Are you more aware of your data rights now than you were five years ago?