People who work in HR are ready to ask for their personal data be edited or deleted once the General Data Protection Regulation (GDPR) comes into force, a survey has revealed – but far less likely than any other sector.
The regulation, which arrives on May 25, will give all EU citizens greater rights over their personal data.
This includes a right to ask for their data to be edited or deleted – as part of a so-called ‘right to be forgotten’ or ‘right to erasure’.
Now businesses are bracing themselves for exactly what this means and how much it will cost them.
A survey by Crown Records Management, global information management experts, has revealed some stunning results when it comes to how many people could ask for their data to be removed or altered. However, it seems those working in HR are less motivated to do so.
The results, after more than 2,000 people across the UK were polled, revealed:
- 66 per cent of those in the HR sector said they may ask for their data to be edited or deleted after May 25 – with 26 per cent saying they would definitely do so.
- This figure may seem high but was actually lower than every other sector – for instance the legal sector returned figures of 86 per cent and 57 per cent.
- Across all sectors, an average of 71 per cent said they would (either definitely or possibly) ask a company to edit or delete their data when the new regulation comes into force. In an adult UK population of 52.6 million this could result in an incredible 37 million requests.
- Only 8 per cent across all sectors gave a straight ‘no’ when asked if they would want data edited or deleted.
- More than half of directors across all sectors said they would definitely ask for their personal data to be changed or removed.
David Fathers, Regional General Manager at Crown Records Management said:
“We were all aware that the public is increasingly interested in how their personal data is used and increasingly aware of its value and the dangers of its misuse.
“But for so many people to indicate they will ask for data to be edited or deleted will come as a shock to many businesses.
“The figures in the HR sector are significant – more than a quarter say they would definitely ask for personal data to be edited or deleted. But they are also lower than every other sector, which is hard to explain.
“It doesn’t necessarily mean people in that sector don’t care about their data. In fact it may well show that professionals in HR are already very careful about their personal data because they are surrounded by it at work.
“The bottom line is that there could be a big challenge ahead for UK businesses. Even if only the 25 per cent of the UK public who answered ‘definitely’ follow through with that intention then we could be looking at more than 16 million requests – which is an eye-watering figure.”
The type of data those in the HR will want edited or deleted was interesting, too.
Data held for marketing and mailing lists came on top on 65 per cent followed by basic information such as name, address and email at 50 per cent.
David Fathers said:
“Once again these results were a bit of a surprise because almost every other sector placed financial and credit card information top of the pile. In HR only 45 cent said they would ask for that kind of data to be edited or deleted.
“But the list also includes basic personal information and health data – and this shows just how many types of personal data are under discussion here. Few businesses will be unaffected.
“Companies should already know what data they have, where it is, how it can be accessed and how it can be edited – but the GDPR regulations will make this mandatory. A full data audit now before the regulation comes in is the very minimum required to start the preparation process.
“There are also significant budget implications to consider if they are going to cope with the volume of requests which come their way.”
If you’re interested in GDPR and the impact on the HR department, our GDPR training courses offer a structured learning path to equip HR practitioners with the specialist knowledge and skills needed to achieve GDPR compliance.