Are Brits baffled by GDPR?

With comprehensive new rules governing data privacy kicking in tomorrow, millions of UK citizens are still completely in the dark about what the changes under the General Data Protection Regulations (GDPR) mean for them, according to research by Virtual Private Network comparison service Top10VPN.com. In fact, almost half of Brits (44%) haven’t actually heard of the term GDPR. Perhaps more disconcertingly, around a third (31%) have no idea what these changes to the privacy laws actually mean for them, and only one in five (18%) felt they ‘completely’ understood the implications of the changes.

When asked about the detail of GDPR, only 10% of respondents could accurately identify a handful of key aspects of the regulations. Three in 10 Brits (28%) are under the impression that companies have to delete all personal information they hold before the rules are implemented tomorrow. Two thirds (67%) do understand that giving consent under the rulings has to be an ‘active action’ by the data subject, but one in 10 (10%) believe that giving consent to a company once means that you can’t change your mind at a later date.

Less than half (47%) know that those controlling the data have a month to consent to data access requests from EU citizens.

Simon Migliano, head of research at Top10VPN, said: “Commentary and advice surrounding the incoming data protection laws has risen to a cacophony in recent weeks, so it’s hardly surprising that not everyone has a full idea of what these changes mean for them.

While memorising every detail of the new GDPR rules is somewhat impractical, there are a few key elements that might be useful for Brits to know. For example, giving consent to a company once to have your data processed by them doesn’t mean that you can’t change your mind about this later and then withdraw consent. EU citizens also have the right to request to ask for their data at ‘reasonable intervals’, and those controlling the data have a month to comply.

While this has been hailed as an EU law, it’s worth noting that even companies outside the EU who hold data on European Union citizens have to comply. All-in-all, GDPR should see companies keeping a tighter rein on the personal information they hold, so this should theoretically improve security awareness and protection levels for EU citizens. In a year that has seen the UK shaken by allegations of seemingly unsolicited use of private information, GDPR marks a step towards greater personal control of their data – that can only be a good thing.”