GDPR came into full effect today and citizens all over Europe are suddenly able to ask firms for any personal details about themselves that are being stored.
Up until now, in the UK for example, a Subject Access Request (SAR) meant that people had to pay £10 when asking a firm to process a request for data. Under GDPR, this kind of charge has been scrapped. The result is that from today, citizens in all 28 EU member states can suddenly invoke the right of access without shelling out a cent. In total that is a staggering 515 million people.
GDPR identifies "personal data" as any data that allows people to “be directly or indirectly identified.” This includes pseudonymized data that could be linked back to an individual. GDPR covers your name, address, ID numbers tied to your name or picture, and online identifiers such as IP addresses. GDPR also covers sensitive data such as race, political views, religious affiliations, sexual orientation, and much more.
For people with concerns about what specific firms might holding about them - or anybody with an inquisitive mind - GDPR is the perfect opportunity to ask just about any firm in Europe: what do you know about me?
40% of the population
According to research performed by Veritas Technologies, most European firms can expect to be “inundated with requests” as soon as GDPR goes live.
According to Veritas, as many as 40% of UK citizens are be planning to make a request within the first six months. If those numbers are the same on the European mainland, that would amount to a whopping 204 million people filing requests before Christmas. For the firms and organizations that receive those requests - which only have a month to comply - that could mean a massive sudden onslaught of work.
The 2018 Veritas GDPR Consumer Study
The study itself was conducted on behalf of Veritas Technology by the market research firm 3GEM. The study questioned 3,000 adults in total and discovered that people are most likely to file requests within certain industries...
Just 6% of surveyed adults said they were interested in filing a request with a financial institution - such as a bank or insurance company. Nearly half (46%) are planning to find out what personal data retailers are holding onto and 24% of respondents said they intend to file a request with a former or potential employer.
Social media in the spotlight
Considering the barrage of Facebook-related data scandals that have been hitting the press in recent months, it's perhaps of little surprise that 48% of people are interested in what social media companies are keeping on file about them. For firms like Facebook, this could be extremely telling.
Especially considering that previous research revealed the tech giant was able to correctly predict people’s political beliefs, race, sexual orientation - and other sensitive personal information - simply by analyzing their “likes.”
Reflecting on the results of the study, executive vice president and chief product officer at Veritas Technologies, Mike Palmer, commented:
“In light of recent events surrounding the use of personal data by social media, and other organisations, consumers are taking much more interest in how their data is used and stored by businesses across many sectors.
“With a flood of personal data requests coming their way in the months ahead, [data controllers and processors] must retain the trust of consumers by demonstrating that they have comprehensive data governance strategies in place to achieve regulatory compliance.”
Interestingly, considering how many requests Facebook might be hit within the coming months - in April a photograph emerged of Facebook CEO Mark Zuckerberg's personal notes for his interview in Congress. In the notes, Zuckerberg had been given clear instructions not to say "we already do what GDPR requires."
Many commentators took that to mean Facebook was not yet prepared to deal with GDPR. The big question is will Facebook (and other companies) be ready to comply with huge numbers of requests and process them within a month as stipulated by the regulation?
One thing is for certain, study after study over the past few years have shown that the vast majority of people want to know more about how firms are handling their data. With GDPR here, it stands to reason that people are going to ask questions. The firms that champion privacy rights and are found to be complying may find themselves suddenly winning the public's trust.
Title image credit: Paolo De Gasperis/Shutterstock.com
Image credits: Brasil Creativo/Shutterstock.com, UI/Shutterstock.com, Nikolaeva/Shutterstock.com