Cast your mind back to April last year. Your inbox filled with email marketing from services and newsletters you signed up to over the years asking you to re-subscribe to their mailing lists – and it’s likely you took the opportunity to unsubscribe to many. This was the first time the general population had been confronted with the realities of the General Data Protection Regulations, commonly known as GDPR. For many businesses, this saw databases slashed overnight.
However, the wider purpose of GDPR is to ensure businesses have put the appropriate processes and protection in place to securely manage European consumers data. However, one year on and our research has found 84% of respondents don’t think GDPR has been taken seriously enough and that the security of their data is still an issue. Highlighting that UK organisations’ initial efforts simply weren’t enough in the eyes of consumers and on-going communication must be considered.
Current poor data security practices, such as using PINs or passwords that are stored locally on corporate-owned databases, can leave data vulnerable to breaches, and fully justifies the fears held by consumers regarding the safety of their information. In fact, three quarters (75%) of the consumers surveyed admit to being concerned about the security of their personal information, once it has been shared with a company.
However, consumer trust in personal data protection greatly differs depending on the market sector. Almost half (45%) would be most comfortable sharing their personal information with financial services organisations, but only 15% would say the same about sharing it with hospitality companies (such as bars and restaurants). This suggests organisations that are perceived to be more heavily regulated are typically more trusted by consumers. Illustrating the even greater need for companies operating outside these sectors to clearly demonstrate that their data protection policies are watertight. Only by doing so will they gain consumer confidence in their compliance processes.
Taking a security-first approach, by embracing innovations such as fingerprint biometrics for sectors that require customer authentication, is imperative to retaining and growing customer trust in data compliance for the foreseeable future.
Biometric solutions are an effective means to address these concerns. Recent advances in applying fingerprint biometric sensors to smart cards mean authentication credentials are only held on the card itself – removing the need to store data in a central database vulnerable to breaches and a popular entry point for hackers. In the same way that the fingerprint data never leaves the card, where fingerprint biometric sensors are integrated into numerous devices (such as IoT enabled devices), the fingerprint image should be stored locally to the device to similarly eliminate the risk to users. By minimising the sensitive data businesses must manage, GDPR hurdles are simplified. The efforts the business has made to address concerns must also be clearly communicated to raise consumer confidence in the business’ dedication to GDPR compliance.
While banks were rated highest amongst other UK sectors by consumers when it comes to GDPR compliance, there is still room for improvement. Banks must ensure they don’t become complacent and address consumer faith by remaining vigilant regarding data protection. But no matter which sector a business falls within, companies need to be more transparent in their approach to data security and embrace fingerprint biometric authentication to improve compliance measures and drive consumer confidence. Demonstrating GDPR compliance is imperative to garnering consumer trust. Failure to do so will see businesses in any sector lose loyal customers and ultimately, their competitive edge and profitability.
Executive and Board level Management executive with a proven track record of business growth and delivering exceptional financial performance. Skilled in Business Development, Product Management (B2C), Strategy (New Business Development, payment processing, identity verification, card issuing/less payments), and Business Strategy technology. I have strong commercial, analytical and financial skills backed up by more than several years' experience gained within large corporates and FTSE 100 companies
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.