skip to Main Content

Data Protection Trust Levels Still Low After GDPR

A report by the Chartered Institute of Marketing (CIM) has shown that as 42% of consumers have received communications from businesses they had not given permission to contact them (since GDPR came into force), this could be a key reason why consumer trust in businesses is still at a low level.

Not Much Difference

The CIM report shows that only 24% of respondents believe that businesses treat people’s personal data in an honest and transparent way.  This is only slightly higher than the 18% who believed the same thing when GDPR took effect 6 months ago.

Young More Trusting

The report appears to indicate that although trust levels are generally low, younger people trust businesses more with their data.  For example, the report shows that 33% of 18-24 and 34% of 24-35 year olds trust businesses with their data, compared with only 17% of over 55s.

More Empowered But Lacking Knowledge About Rights

Consumers appear to feel more empowered by GDPR to act if they feel that organisations are not serving them with the right communications.  For example, the report showed that rather than just continuing to receive and ignoring communications from a company, 50% of those surveyed said that GDPR has motivated them to not consciously opt-in to begin with, or if opted in, make them more likely to subscribe.

This feeling of empowerment was also illustrated back in August in a report based on a study by business intelligence and data management firm SAS.  The SAS study showed that more than half of UK consumers (55%) looked likely to exercise their new GDPR rights within the first year of GDPR’s introduction.

Unfortunately, even though many people feel more empowered by GDPR, there still appears to be a lack of knowledge about exactly what rights GDPR has bestowed upon us. For example, the report shows that only 47% of respondents said they know their rights as a consumer in relation to data protection.  This figure has only increased by 5% (from 43%) since the run-up to GDPR.

What Does This Mean For Your Business?

The need to comply with the law and avoid stiff penalties, and the opportunity to put the data house in order meant that the vast majority of UK companies have taken their GDPR responsibilities seriously, and are likely to be well versed in the rights and responsibilities around it (and have an in-house ‘expert’). Unfortunately, there are always a few companies / organisations that ignore the law and continue contacting people.  The ICO has made clear examples e.g. back in October Manchester-based Oaklands Assist UK Ltd was fined £150,000 by the ICO for making approximately 64,000 nuisance direct marketing calls to people who had already opted out of automated marketing.  This is one example of a company being held accountable, but it is clear from the CIM’s research that many consumers still don’t trust businesses with their data, particularly when they hear about data breaches / data sharing on the news (e.g. Facebook), or continue to have their own experiences of unsolicited communications.

It may be, as identified by the CIM, that even though GDPR has empowered consumers to ask the right questions about their data use, marketers now need to answer these, and to prove to consumers how data collection can actually benefit them e.g. in helping to deliver relevant and personalised information.

The apparent lack of a major impact of GDPR on public trust could also indicate the need for an ongoing campaign to drive more awareness and understanding across all UK businesses.

Back To Top