What do you think about data protection?

Urban myths, fake news and bona fide facts…

What your average person on the street really thinks about data protection.

Hands up if you you’re an expert on the GDPR and data protection. Thank you.

Can we put ours down now? Because unless you do have the support of someone who really knows what they’re talking about, where does that leave you?

At one end of the scale, you have the Information Commissioner’s Office (ICO) which is full of extremely useful, albeit highly detailed, information. The question is: how easily can you follow it?

Then at the other end, there’s the perceived wisdom of the people’s collective. That’s right – the informed knowledge and beliefs of the internet and so-called man/woman on the street. For some people, if they need to know something, they’ll simply ask around for the answer.

So, in tribute to an old TV favourite here at DBX HQ, we decided to go all ‘Family Fortunes’ and see what people generally thought about GDPR and data protection.

We didn’t quite manage to quiz 100 people, masquerade as Les Dennis or limit our informal survey to just the High Street (maybe the odd question or three did take place in a drinking establishment), but we did get a fair few to divulge what the GDPR and data protection meant to them.

Here’s a sample of what they told us, categorised into ‘The Facts’, ‘The Fiction’ and ‘The Confused & Befuddled’…

The Facts

“It should keep my data safe.”

“It should mean a company’s doing the right thing and can be trusted.”

“If there are any third parties involved, the main company should have vetted them properly.”

“If my info was compromised, I should find out straight away.”

“The importance of data protection should apply to everyone in the company.”

“After a data breach, reputational risk could prove more damaging to a company than the financial fine itself.”

“I can submit a Subject Access Request and find out everything that a company holds on me.”

So far, so good.

But when you then look at the ‘The Fiction’ below, you might notice something interesting about the first four responses…

The Fiction

“Er, it keeps my data safe.”

“It means a company’s doing the right thing and can be trusted.”

“If there are any third parties involved, the main company would have vetted them properly.”

“If my info was compromised, I’d find out straight away.”

“Only the CEO, Head Honcho and HR need to worry about data protection.”

“Data protection means not disclosing to the person whose data is held how much there is and what it’s being used for.”

“It only applies to big companies and those that do email marketing.”

“You can only hold someone’s data if you have their consent.”

“It just relates to politicians and business people leaving laptops and folders on public transport…”

“It’s okay if others overhear stuff in a conversation as long as I’m whispering so as not to let them hear.”

That’s right – the first four responses are very similar to those given in ‘The Facts’ and that’s because data protection is about following good practice and what you ought to be doing. Even when best practice is being adhered to, there’s still no guarantees.

Of course, the flip side is that if you’re not trying to do the right thing, are deliberately flouting the rules or just being plain careless, well, that’s different!

And then we come to our favourite answers…

The Confused and Befuddled

“GDPR? Isn’t that a rail company?”

“I always put a sticker over the webcam on my laptop so that once I’ve shared my details with a company, they won’t know it’s me.”

“No, not a rail company. I meant the amount of money that a nation produces. Right?”

“Okay, I give up – haven’t got a bloody clue. A bad Scrabble hand?”

Who knew?! All in all, some different replies there and some more useful than others. But whether you’re responsible for people’s data or are reliant on others keeping yours safe, the message is the same: data protection is important, and the guidelines are there for good reason.

Are you ready to separate data protection fact from fiction?

If you’re still unsure of what’s what with the GDPR, how it affects you and your business or how you can be better prepared, why not invest some time talking to people that are really in the know?

And don’t tell anyone but we might even disclose some of the more unprintable reactions we received…

P.S. Speaking of disclosure, in keeping with the guidelines of the Unofficial Impromptu Survey Society, we thought that we should reassure you that no backs of fag packets were harmed in the design or conducting of this exercise.

Until next time...