Almost four in five people who work in the healthcare sector are ready to ask for their personal data be edited to deleted once the General Data Protection Regulation (GDPR) comes into force, a survey has revealed.
The regulation, which arrives on May 25, will give all EU citizens greater rights over their personal data.
This includes a right to ask for their data to be edited or deleted – as part of a so-called ‘right to be forgotten’ or ‘right to erasure’.
Now businesses are bracing themselves for exactly what this means and how much it will cost them.
A survey by Crown Records Management, global information management experts, has revealed some stunning results when it comes to how many people could ask for their data to be removed or altered. And it seems those in the healthcare sector will be amongst the most determined to protect their data.
The results, after more than 2,000 people across the UK were polled revealed:
- An incredible 78 per cent of those in the healthcare sector said they may ask for their data to be edited or deleted after May 25 – with 32 per cent saying they would definitely do so.
- This was higher than many sectors – in HR the figures were 65 and 26 per cent.
- Across all sectors, 71 per cent said they would (either definitely or possibly) ask a company to edit or delete their data when the new regulation comes into force. In an adult UK population of 52.6 million this could result in an incredible 37.3 million requests.
- Only 8 per cent across all sectors gave a straight ‘no’ when asked if they would want data edited or deleted.
- More than half of directors across all sectors said they would definitely ask for their personal data to be changed or removed.
David Fathers, Regional Manager at Crown Records Management said: “We were all aware that the public is increasingly interested in how their personal data is used and increasingly aware of its value and the dangers of its misuse.
“But for so many people to indicate they will ask for data to be edited or deleted will come as a shock to many businesses.
“The figures in the healthcare sector are particularly high and perhaps shows how aware people in that profession are about the value and risks of personal data in the modern world.
“The bottom line is that there could be a big challenge ahead for UK businesses. Even if only the 25 per cent who answered ‘definitely’ follow through with that intention then we could be looking at more than 16 million requests – which is an eye-watering figure.”
The type of data those in the healthcare sector will want edited or deleted was interesting, too.
Data held for marketing and mailing lists came out top on 67 per cent, followed by financial, banking and credit data on 64 per cent
“In almost every other sector the financial data came out top,” said David Fathers. “Perhaps this shows that those in healthcare, with busy work schedules and maybe working long hours, are particularly concerned about time-wasting emails and sales calls.
“But it also shows just how many types of personal data are under discussion here – and that few businesses will be unaffected.
“Companies should already know what data they have, where it is, how it can be accessed and how it can be edited – but the GDPR regulations will make this mandatory. A full data audit now before the regulation comes in is the very minimum required to start the preparation process.
“There are also significant budget implications to consider if they are going to cope with the volume of requests which come their way.”