Legal professionals to take control of their personal data when GDPR comes in

People who work in the legal sector are more likely than any other to ask for their personal data to be edited or deleted once the General Data Protection Regulation (GDPR) comes into force, a survey has revealed

A survey by Crown Records Management, global information management experts, has revealed some stunning results when it comes to how many people could ask for their data to be removed or altered. And it seems those in the legal sector will be right at the top of the pile.

The survey says that 86% intend to take advantage of new ‘right to erasure’ regulation which is due to arrive on May 25, giving all EU citizens greater rights over their personal data.

This includes a right to ask for their data to be edited or deleted – as part of a so-called ‘right to be forgotten’ or ‘right to erasure’.

Now businesses are bracing themselves for exactly what this means and how much it will cost them.

The results, after more than 2,000 people across the UK were polled, revealed:

• An incredible 86% of those in the legal sector said they may ask for their data to be edited or deleted after May 25 – with 57% saying they would definitely do so.
• This was by far the highest figure returned – in HR the figures were 65 and 26%
• Across all sectors, 71% said they would (either definitely or possibly) ask a company to edit or delete their data when the new regulation comes into force. In an adult UK population of 52.6 million this could result in an incredible 37.3 million requests.
• Only 8% gave a straight ‘no’ when asked if they would want data edited or deleted.
• More than half of directors across all sectors said they would definitely ask for their personal data to be changed or removed.

David Fathers, Regional General Manager at Crown Records Management said: “We were all aware that the public is increasingly interested in how their personal data is used and increasingly aware of its value and the dangers of its misuse.

“But for so many people to indicate they will ask for data to be edited or deleted will come as a shock to many businesses.

“The figures in the legal sector are particularly high and perhaps shows how aware people in that profession are about the value and risks of personal data in the modern world.

“The bottom line is that there could be a big challenge ahead for UK businesses. Even if only the 25% who answered ‘definitely’ follow through with that intention then we could be looking at more than 16 million requests – which is an eye-watering figure.”

The type of data those in the legal sector will want editing or deleted was interesting, too.

Financial, banking and credit data was top of the list on 76%. But basic details such as date of birth (68%), and name, address email (60%) also ranked highly.

“This perhaps shows that those in the legal sector have a deep understanding of what kind of information can lead to identity fraud if it falls into the wrong hands,” said David Fathers.

“But it also shows just how many types of personal data are under discussion here – and that few businesses will be unaffected.

“Companies should already know what data they have, where it is, how it can be accessed and how it can be edited – but the GDPR regulations will make this mandatory. A full data audit now before the regulation comes in is the very minimum required to start the preparation process.

“There are also significant budget implications to consider if they are going to cope with the volume of requests which come their way.”