Public trust and GDPR – the virtuous circle of good data management

TCF’s key change and strategy associate looks at how personal trust is at the heart of our data expectations of businesses and the opportunities you can grasp in complying with GDPR.

As 2017 closes, it’s time to consider the roll call of organisations that have disclosed recent or historic data hacks during this year. Trusted household names including Yahoo!, Deloitte, Equifax, the Automobile Association, the Association of British Travel Agents, PlayStation and Xbox have all fallen foul of hackers who have exposed gaps in their data management practices and threatened to reveal or trade customers’ personal data.

And, when our personal data is compromised by organisations around the world, it’s natural our trust starts to fade. In 2015, Digital Catapult, an organisation set up by Innovate UK, published a survey report, Trust in Personal Data: A UK Review, indicating that many people do not trust organisations over how their personal data is used.

Of 4,500 consumers polled, aged between 18 and 64 years, 76 percent stated their main worry was having “no control over how their data is shared or who it is shared with.” Sixty percent said they were uncomfortable sharing their personal data, with a further 14 percent admitting they refuse to share any personal data.

Over 40 percent (43.5 percent) of respondents said they trusted public sector organisations more than private sector companies with personal data, while financial services firms were considered the most trusted in the private sector by 28.6 percent of respondents. Retail organisations lagged behind with only 4.3 percent. Conversely, participants ranked retailers as most likely to abuse personal data (30 percent).

The report’s authors said: “What is abundantly clear from this study is that respondents do not believe they benefit from sharing personal data with organisations. Instead, they believe it is only the organisations that are gaining from their data.” Importantly, the report’s authors also speculated that, without trust, less data will be shared and the UK and our economy will fall behind in the race to maximise the potential of the digital economy.

Organisations have a further opportunity to strengthen their data management approaches – and, consequently, their trust with individuals – with the introduction of the General Data Protection Regulation (GDPR) next May. The GDPR is a European Union regulation and the UK Government has already indicated it will be implemented regardless of the outcome of Brexit negotiations. Also, in the UK a new Data Protection Act will be passed in 2018, aiming to ramp up data protection requirements in the UK significantly.

The GDPR goes well beyond existing data protection legislation and aims to give individuals back control of their personal data and reshape the way organisations across the region approach data privacy, ensuring such data is handled by authorised users, only when appropriate. Under the GDPR, organisations must:

• Process data for authorised purposes only
• Ensure data accuracy and integrity
• Minimise subjects’ identity exposure, and
• Implement data security measures.

In the UK, compliance with the GDPR will be the responsibility of the Information Commissioner’s Office – and, for the first time, organisations will be held accountable for providing evidence of their compliance.

Clearly the intent and the measures of the GDPR echo the citizens’ concerns about the management of their personal data – and can only help improve the levels of trust required between people and organisations for our societies and economies to thrive.

To ensure you’re ready to meet these requirements, while maintaining and building trust with your stakeholders, contact us to understand how you can turn this requirement to meet consumer expectations into a business relationship and development opportunity.

November 2017