Why compliance with the GDPR is so important for retailers

Half of UK consumers don’t believe commercial organisations care about their privacy, Thales research finds, and only 6 percent of consumers trust retailers with their data. If consumers don’t trust businesses, they face far more than just fines for non-compliance with the EU General Data Protection Regulation (GDPR).

Thales, a leader in critical information systems, cybersecurity and data security, announces the results of its research on the EU General Data Protection Regulation (GDPR). The report, based on research by Censuswide and sponsored by Thales, captures the perceptions of consumers and businesses on the preparedness levels of organizations in Europe and the United States for the May 2018 GDPR compliance deadline, as well as the new regulation’s business impact.

Half of UK consumers don’t believe commercial organisations care about their privacy, and many are prepared to take legal action against businesses that don’t comply with the EU GDPR. At the same time, businesses are concerned the new data privacy regulations will have a negative impact on their operations and international relations.

Intended to improve personal data protection and increase accountability for data breaches, GDPR is perhaps the most comprehensive data privacy standard to date. However, the regulation presents a significant challenge for organisations that process the personal data of EU citizens, regardless of where the organization is headquartered.

Half of UK consumers (50 percent) claimed not to trust anyone with protecting their personal information, and a similar number (49 percent) expressed a belief that businesses didn’t care about their digital privacy.

Retailers were only trusted by 6 percent of consumers in the UK, and perhaps with good reason. Thales eSecurity’s 2017 Data Threat Report revealed that two in five retailers globally have experienced a data breach in the past year, and that a third had suffered more than one.

Perhaps as a result of recent high-profile breaches, only one in five (20 percent) of UK consumers claimed to trust financial institutions with their information, while just 23 percent said they trusted healthcare providers.

More worryingly, 70 percent of UK consumers believe their information has been made available for sale online by cyber-criminals.

However with the EU GDPR’s implementation just six months away, three quarters of UK consumers (76 percent) believe increased regulation will improve the privacy of their online data.

Aware of the GDPR, and what it means for the privacy of their information, consumers appear to be willing to take a stand against those organisations that fail to comply with the regulation, with three in five (58 percent) of UK respondents claiming they would at least consider legal action.

More than three quarters (79 percent) of respondents said they would consider taking their business to another company if the one they were dealing with did not comply with the regulation, while 69% suggested they might report a non-compliant organisation to the relevant industry watchdog. Three quarters of UK consumers (77 percent) suggested a failure to comply with the GDPR would negatively impact their perception of an organisation.