With under 100 days until GDPR takes effect, businesses are scrambling to prepare; many unsure which actions to take and when. On the flip side, many consumers appear to have it all worked out.
According to a recent survey, by independent media agency the7stars, 34% of British consumers said they plan to exercise their “right to be forgotten” (officially known as the right to erasure) when GDPR kicks in on May 25.
The right to erasure is actioned with an explicit request to delete personal data where there is no compelling reason for continued processing. Consumers taking this path are making a clear statement that they never want to be contacted and organizations must comply.
If the 1K sample size reflects wider public opinion, this will cause alarm for many businesses, as they fear losing precious customer and prospect data. But should they really be worried, or could this mass data-shed be a blessing in disguise, for both parties?
58% of respondents welcomed GDPR as a positive step towards protecting their data and privacy and 32% said that they would trust brands more after GDPR becomes law. So perhaps consumer-driven data cleansing is a good thing, ushering-in a new era in data processing. One where consumers can finally trust brands, and businesses can rely on the quality of their data.
In any case, it’s not that simple. Just because consumers ask to have their personal data erased, doesn’t mean it’ll actually happen. Businesses demonstrating they have legitimate interest can still legally hold and process personal data. Valid reasons for processing include credit checks, risk assessments and even marketing.
But whatever the justification, legitimate interest must be qualified – companies must inform consumers of their reasons for processing, describe how the data will be processed, and allow a clear opportunity for them to object. It’s a complex issue, and one sure to derail businesses and consumers alike, in the pursuit of contrasting end goals.