ProPrivacy is reader supported and sometimes receives a commission when you make purchases using links on this site.

Firms can expect a massive onslaught of GDPR requests

GDPR came into full effect today and citizens all over Europe are suddenly able to ask firms for any personal details about themselves that are being stored.

Up until now, in the UK for example, a Subject Access Request (SAR) meant that people had to pay £10 when asking a firm to process a request for data. Under GDPR, this kind of charge has been scrapped. The result is that from today, citizens in all 28 EU member states can suddenly invoke the right of access without shelling out a cent. In total that is a staggering 515 million people.

GDPR identifies "personal data" as any data that allows people to "be directly or indirectly identified.” This includes pseudonymized data that could be linked back to an individual. GDPR covers your name, address, ID numbers tied to your name or picture, and online identifiers such as IP addresses. GDPR also covers sensitive data such as race, political views, religious affiliations, sexual orientation, and much more. 

For people with concerns about what specific firms might holding about them - or anybody with an inquisitive mind - GDPR is the perfect opportunity to ask just about any firm in Europe: what do you know about me?

Question Mark 3

40% of the population

According to research performed by Veritas Technologies, most European firms can expect to be "inundated with requests” as soon as GDPR goes live.

According to Veritas, as many as 40% of UK citizens are be planning to make a request within the first six months. If those numbers are the same on the European mainland, that would amount to a whopping 204 million people filing requests before Christmas. For the firms and organizations that receive those requests - which only have a month to comply - that could mean a massive sudden onslaught of work.

The 2018 Veritas GDPR Consumer Study 

The study itself was conducted on behalf of Veritas Technology by the market research firm 3GEM. The study questioned 3,000 adults in total and discovered that people are most likely to file requests within certain industries...

Just 6% of surveyed adults said they were interested in filing a request with a financial institution - such as a bank or insurance company. Nearly half (46%) are planning to find out what personal data retailers are holding onto and 24% of respondents said they intend to file a request with a former or potential employer.

Gdpr Facebook Likes

Social media in the spotlight

Considering the barrage of Facebook-related data scandals that have been hitting the press in recent months, it's perhaps of little surprise that 48% of people are interested in what social media companies are keeping on file about them. For firms like Facebook, this could be extremely telling. 

Especially considering that previous research revealed the tech giant was able to correctly predict people’s political beliefs, race, sexual orientation - and other sensitive personal information - simply by analyzing their "likes.”

Reflecting on the results of the study, executive vice president and chief product officer at Veritas Technologies, Mike Palmer, commented:

"In light of recent events surrounding the use of personal data by social media, and other organisations, consumers are taking much more interest in how their data is used and stored by businesses across many sectors.

"With a flood of personal data requests coming their way in the months ahead, [data controllers and processors] must retain the trust of consumers by demonstrating that they have comprehensive data governance strategies in place to achieve regulatory compliance.”

Ready For Gdpr

Not ready?

Interestingly, considering how many requests Facebook might be hit within the coming months - in April a photograph emerged of Facebook CEO Mark Zuckerberg's personal notes for his interview in Congress. In the notes, Zuckerberg had been given clear instructions not to say "we already do what GDPR requires." 

Many commentators took that to mean Facebook was not yet prepared to deal with GDPR. The big question is will Facebook (and other companies) be ready to comply with huge numbers of requests and process them within a month as stipulated by the regulation? 

One thing is for certain, study after study over the past few years have shown that the vast majority of people want to know more about how firms are handling their data. With GDPR here, it stands to reason that people are going to ask questions. The firms that champion privacy rights and are found to be complying may find themselves suddenly winning the public's trust. 

A great way to keep your data secure is to use a VPN, find out which VPN providers are GDPR compliant by reading our GDPR industry report.

Title image credit: Paolo De Gasperis/

Image credits: Brasil Creativo/, UI/, Nikolaeva/

Written by: Ray Walsh

Digital privacy expert with 5 years experience testing and reviewing VPNs. He's been quoted in The Express, The Times, The Washington Post, The Register, CNET & many more. 


There are no comments yet.

Write Your Own Comment

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

  Your comment has been sent to the queue. It will appear shortly.

We recommend you check out one of these alternatives:

The fastest VPN we test, unblocks everything, with amazing service all round

A large brand offering great value at a cheap price

One of the largest VPNs, voted best VPN by Reddit

One of the cheapest VPNs out there, but an incredibly good service