nCipher Security Blog

More than half of consumers would consider legal action if their data was compromised during a breach

Peter Galvin | Chief Strategy Officer

Six months on from the legal implementation of the General Data Protection Regulation (GDPR), a third of consumers have admitted they still aren’t confident that the companies they interact with comply with the regulation. Furthermore, 16% of organisations across the UK and Germany confessed to not having been ready in time for the legislation, according to our research into consumer and business perceptions of the GDPR, six months after its roll-out.

More than half of consumers would consider legal action if their data was compromised during a breach

Our research has highlighted that 86% of consumers would consider switching to another company if a breach were to occur, with 35% of consumers stating that a data breach under the GDPR would ‘definitely’ give them a negative perception of a company. More than two thirds (69%) also stated they would think about initiating legal action against a company which failed to manage their personal data under the GDPR.

A surprising 17% of UK consumers said they still hadn’t heard of the regulation compared to just 9% in Germany. A quarter (25%) of people in both regions revealed that they could not explain the GDPR in any way.

Ready or not

In light of consumer concerns, members of the C-Suite were asked whether their organisation was prepared for the legislation in time for the May 25 2018 deadline. The majority (84%) of businesses reported being ‘completely’ ready, with a further 11% being somewhat prepared. Those across the manufacturing and utilities industries had the highest preparedness rates at 91%, while retail had the lowest across both countries at 78%. UK businesses fell slightly behind their German counterparts, however, with a 10% difference in the number of organisations that met the official deadline.

Since the implementation of GDPR, one third (33%) of UK businesses have contacted the Information Commissioner’s Office (ICO) to check the severity of a data breach, while just less than half (49%) of German organisations have done the same with the Data Protection Commissioners.

Gaining and maintaining consumer trust

With over 40% of UK companies turning to the ICO in the first six months of the GDPR implementation, it’s hardly surprising that consumers still lack confidence around the privacy and safety of their personal information. As data breaches continue to hit the headlines on what seems like a daily basis, it’s almost impossible for anyone to believe their data is in good hands.

This immediately puts organisations at a disadvantage in gaining consumer trust, especially given people’s willingness to switch companies following a breach. With the GDPR putting consumers in a newfound position of power, it’s down to organisations to show they are rethinking their approach to data security, ensure they are fit for compliance, and enhance their relationships with consumers.

The cost to business

UK businesses also ranked second when it came to financial investment into preparing for the GDPR, with UK spend averaging £86,806, while German organisations invested an average of €210,653. Only three in ten enterprises across the UK spent more than £10,000 preparing themselves, whereas more than half did the same in Germany. At the other end of the scale, 16% of German organisations invested between €500,000 and €1 million to become compliant, compared with just 5% of organisations across the UK.

The regulation has also affected the way enterprises interact and engage with third parties, with 38% admitting to completely changing their security policies with contractors or vendors in line with the GDPR, and a further 24% partially changing policies.

A view from the C-Suite

As well as having to alter external relationships in order to meet the new requirements, it appears that organisations in both countries have also been affected by the data protection law in a number of other ways, with not all of them being positive. Although designed to bring greater control to how data is handled and protected, 30% of CEOs, CIOs and CISOs felt that the introduction of the GDPR had in fact led to increased complexity.

Perhaps more worryingly, almost a quarter (23%) believe the regulation has resulted in a greater risk of data breaches, while a further 14% reported a negative impact on their relationships with international partners. It wasn’t all doom and gloom, however, as 18% of respondents across the UK and Germany felt that the regulation has had a positive impact on innovation for their organisation.

Please find a detailed breakdown of the 2,006 consumer respondents via gender, age and market below, as well as the criteria for the 1,006 CEOs, CIOs and CISOs surveyed by company size, region and industry sector. The survey was issued in November 2018 by Censuswide.

Respondent breakdown: consumer

Base number of survey participants, broken down by: Total, Gender, Age, Market

Respondent breakdown: business

Company size (base number of survey participants)

| Total | Sole Trader | 1-9 employees | 10-49 employees | 50-99 employees | 100-249 employees | 250-500 employees | 500+ employees |
|---|---|---|---|---|---|---|---|
| 1006 | 284 | 235 | 105 | 60 | 88 | 131 | 103 |

Region: East of England, Greater London, East Midlands, West Midlands, North East, North West, Northern Ireland, Scotland, South East, South West, Wales, Yorkshire & The Humber

Industry sector: Architecture, Engineering & Building; Arts & Culture; Education; Finance; Healthcare; HR; IT & Telecoms; Legal; Manufacturing & Utilities; Professional Services; Retail, Catering & Leisure; Sales, Media & Marketing; Travel & Transport; Other