Posts

A Headlining Week for Privacy, SARs and Err, Trees

Privacy Has Been Hitting the Headlines

What We’ve Been Reading And Writing This Month

Personal Information and Subject Access Requests
Plus – Saving Trees for Privacy?
IDC Insight - Exonar Probes Depths Where No GDPR Solution Has...
When GDPR goes live, people will be able to submit subject access requests to current and former employers
Apple actively promoting Privacy as a selling point but...
Apple actively promoting Privacy as a selling point but…
At Apple, we build privacy into every product we make, so you can enjoy great experiences that keep your personal information safe and secure.
How the GDPR will disrupt Google and Facebook
…seen in an Apple store in Chicago – Exactly what GDPR should stop
Normally one of the bastions of privacy data, below is a sign that was spotted in an Apple retail outlet in Chicago recently. In essence, it assumes full consent is given for Apple and it’s…
Subject access requests: revised guidance from the ICO -...
At 9.24pm (and one second) on the night of Wednesday 18 December 2013, from the second arrondissement of Paris, I wrote “Hello!” to my first ever Tinder match. Since that day I’ve fired up…
Get our free GDPR report
You have the right to get a copy of the information that is held about you. This is known as a subject access request.
Plantatreeforprivacy: the impact of GDPR when privacy regulations change
Download our report: the impact of GDPR when privacy regulations change
In May next year, the UK’s Data Protection Act will be superseded by the GDPR. The GDPR is designed to give citizens more control of the information organisations hold on them and how that…
We Are Hiring - Marketing Executive - Exonar
SARs can be over 800 Pages long.Where do we start?
I did my own SAR on my own bank. This is it (actually, it’s less than half of the information they hold on me but they filtered the request). Arrived via DHL in 2 huge boxes…
Heineken Pet
The Somewhat Related Section – Planting trees for privacy. Really?
Yes, odd, we know but this 90 second video explains all – we felt bad after the SAR experiment on the left, not just for trees but for the employees that have to generate SARs…

Millions of Brits set to make GDPR personal information requests

Finance, telecoms and even social media in the firing line as customers set to demand a copy of personal information held on them

LONDON, November 1st 2017 – New research released today shows that millions may submit Subject Access Requests (SARs) to find out what personal information businesss hold on them after the General Data Protection Act goes live in May 2018.

The research, conducted by Exonar, a leading provider of General Data Protection Regulation (GDPR) data mapping and data inventory solutions, set out to identify what people know about how their privacy rights will change in May 2018. The findings showed that 70% of people have no idea about the changes. However, once GDPR and the term SAR was explained to them, 57% said they would raise a SAR.

The research also considered which sectors will be hit hardest. Financial services topped the charts with a third of people saying they would submit a SAR to their bank and 16% to their credit card provider. This could result in around 21million* current account holders raising a SAR and around a further 8million** credit card holders also asking for information held on them.

Other targets for SARs included mobile network providers (11%), social media companies (16.4%), insurance companies (8%), and loan companies (5%), 8% a utility firm, and 5% a retailer. A further 9% would raise a SAR on a current employer, 4% on an ex-employer.

Julie Evans, COO at Exonar, said companies need to make the most of the time they have before the Information Commissioner’s Office (ICO) starts its consumer publicity campaigns: “Companies often ask us how they can predict how many SARs they will receive. It’s an impossible task as so much of it will come down to consumer awareness.

“At the moment all communication efforts from the ICO are focused on getting companies ready for the GDPR, but come next Spring, we expect the focus to change as they start to inform the general public about the changes. If the ICO succeeds in raising consumer awareness then, as this research shows, the floodgates will open. Businesses really do need to make the most of the remaining months to get their data house in order.”

The research found that people are worried about how their data is managed today: 27% are concerned their data could be sold, and another 27% said they worried about hacking.

As part of the research, it was explained that a SAR could run into hundreds of pages***. Almost a fifth (18%) stated ‘shock’ that a company could hold so much about them and everything they have ever done, with 15% saying that if they held that much information they would want to know exactly what it was and a further 10% went as far as to say they’d want companies to forget about them altogether.

There were also environmental concerns: a third of people (31%) said they thought SARs were a waste of paper and would prefer to receive them in a secure digital format – just over a quarter were surprised a SAR wasn’t digitized anyway. 12% said environmental concerns would put them off doing a SAR.

Evans adds: “Going digital should be at the heart of any GDPR strategy. New technologies like data mapping, big data and machine learning will make it easier for businesses to ensure personally identifiable data is easy to locate and secure. Technology can help everyone in a business to follow best practice and avoid the potentially hefty cost of failing to deal with SARs and comply with the GDPR.

“Aside from the cost, relying on manual processes is too high risk. Going digital will make the process of finding and retrieving information quicker and cheaper, and also lessen the environmental impact of completing a SAR request.”

In order to offset the environmental impact of producing paper-based SARs and to encourage organisations to consider moving towards a digital process, Exonar is asking that for every SAR that is produced in paper a tree is planted or a donation is made to the Woodland Trust.

For more information about the research go to: www.exonar.com/plantatreeforprivacy

 

Notes to editors 

About the research: 1028 adults were surveyed between 6th and 10th October 2017, by Opinion Matters.

* Approx. 21m active current account holders (33% of 65m –  https://assets.publishing.service.gov.uk/media/53c834c640f0b610aa000009/140717_-_PCA_Review_Full_Report.pdf)

** Approx. 8m active credit card holders (16% of 50m –http://uk.creditcards.com/credit-card-news/uk-britain-credit-debit-card-statistics-international.php)

Calculation: 33% of 1028 people questioned said they would submit a SAR to their current account provider, and 16% said they would submit a SAR to their credit card provider, multiplied by the total active current account/credit card holders.

*** People can raise a request today but companies can take as long as 40 days and charge for the service. An Exonar employee asked their bank, with whom they have been a customer for 20 years, for the information they held on them. This picture features all the paper the employee received. It amounts to eight reams of paper.

Millions of Brits to submit SARs when the GDPR goes live

 

Finance, telecoms and even social media in the firing line as customers set to demand a copy of personal information held on them

LONDON, November 1st 2017 – New research released today shows that millions may submit Subject Access Requests (SARs) to find out what personal information businesss hold on them after the General Data Protection Act goes live in May 2018.

The research, conducted by Exonar, a leading provider of General Data Protection Regulation (GDPR) data mapping and data inventory solutions, set out to identify what people know about how their privacy rights will change in May 2018. The findings showed that 70% of people have no idea about the changes. However, once GDPR and the term SAR was explained to them, 57% said they would raise a SAR.

The research also considered which sectors will be hit hardest. Financial services topped the charts with a third of people saying they would submit a SAR to their bank and 16% to their credit card provider. This could result in around 21million* current account holders raising a SAR and around a further 8million** credit card holders also asking for information held on them.

Other targets for SARs included mobile network providers (11%), social media companies (16.4%), insurance companies (8%), and loan companies (5%), 8% a utility firm, and 5% a retailer. A further 9% would raise a SAR on a current employer, 4% on an ex-employer.

Julie Evans, COO at Exonar, said companies need to make the most of the time they have before the Information Commissioner’s Office (ICO) starts its consumer publicity campaigns: “Companies often ask us how they can predict how many SARs they will receive. It’s an impossible task as so much of it will come down to consumer awareness.

“At the moment all communication efforts from the ICO are focused on getting companies ready for the GDPR, but come next Spring, we expect the focus to change as they start to inform the general public about the changes. If the ICO succeeds in raising consumer awareness then, as this research shows, the floodgates will open. Businesses really do need to make the most of the remaining months to get their data house in order.”

The research found that people are worried about how their data is managed today: 27% are concerned their data could be sold, and another 27% said they worried about hacking.

As part of the research, it was explained that a SAR could run into hundreds of pages***. Almost a fifth (18%) stated ‘shock’ that a company could hold so much about them and everything they have ever done, with 15% saying that if they held that much information they would want to know exactly what it was and a further 10% went as far as to say they’d want companies to forget about them altogether.

There were also environmental concerns: a third of people (31%) said they thought SARs were a waste of paper and would prefer to receive them in a secure digital format – just over a quarter were surprised a SAR wasn’t digitized anyway. 12% said environmental concerns would put them off doing a SAR.

Evans adds: “Going digital should be at the heart of any GDPR strategy. New technologies like data mapping, big data and machine learning will make it easier for businesses to ensure personally identifiable data is easy to locate and secure. Technology can help everyone in a business to follow best practice and avoid the potentially hefty cost of failing to deal with SARs and comply with the GDPR.

“Aside from the cost, relying on manual processes is too high risk. Going digital will make the process of finding and retrieving information quicker and cheaper, and also lessen the environmental impact of completing a SAR request.”

In order to offset the environmental impact of producing paper-based SARs and to encourage organisations to consider moving towards a digital process, Exonar is asking that for every SAR that is produced in paper a tree is planted or a donation is made to the Woodland Trust.

For more information about the research go to: www.exonar.com/plantatreeforprivacy

 

Notes to editors 

About the research: 1028 adults were surveyed between 6th and 10th October 2017, by Opinion Matters.

* Approx. 21m active current account holders (33% of 65m –  https://assets.publishing.service.gov.uk/media/53c834c640f0b610aa000009/140717_-_PCA_Review_Full_Report.pdf)

** Approx. 8m active credit card holders (16% of 50m –http://uk.creditcards.com/credit-card-news/uk-britain-credit-debit-card-statistics-international.php)

Calculation: 33% of 1028 people questioned said they would submit a SAR to their current account provider, and 16% said they would submit a SAR to their credit card provider, multiplied by the total active current account/credit card holders.

*** People can raise a request today but companies can take as long as 40 days and charge for the service. An Exonar employee asked their bank, with whom they have been a customer for 20 years, for the information they held on them. This picture features all the paper the employee received. It amounts to eight reams of paper.

Seen in Apple in Chicago – Exactly What GDPR Should Stop

Normally one of the bastions of privacy data, below is a sign that was spotted in an Apple retail outlet in Chicago recently. In essence, it assumes full consent is given for Apple and it’s Partners to use privacy data by merely entering the store.

GDPR Article 7 might have something to say about this!

Privacy Data: The Final Frontier? The latest from Exonar

Privacy Data: The Final Frontier?

What We’ve Been Reading And Writing This Month

The Future of Privacy Data
Plus – Attend Simmons & Simmons ‘The Future of Privacy Compliance Seminar’
IDC Insight - Exonar Probes Depths Where No GDPR Solution Has...
Analyst IDC Publishes Insight into Exonar’s Capability to Help Organisation’s Comply with GDPR. Exonar Probes Depths Where No GDPR Solution Has Gone Before June 19, 2017 By: Mark Child, Alex…
The future of privacy compliance
The future of privacy compliance
On Tuesday 19 September, Simmons & Simmons are hosting a panel discussion devoted to technology solutions and addressing privacy challenges. The competing challenges and interests of…
How the GDPR will disrupt Google and Facebook
How GDPR will disrupt Google & Facebook
Google and Facebook will be disrupted by the new European data protection rules that are due to apply in May 2018. This note explains how. Google and Facebook will be unable to use the…
Subject access requests: revised guidance from the ICO -...
Exonar’s UK GDPR Preparedness Survey – Key Trends and Challenges With less than a year until the implementation of the General Data Protection Regulation (GDPR) in May 2018, Exonar surveyed…
Get our free GDPR report
As Panopticon devotees will know, the early months of 2017 brought a flurry of judgments about subject access requests – most importantly, in the Dawson-Damer and Ittihadieh/Deer cases. The…
The EU GDPR - The Definitive, Easily Searchable Text - Exonar
Full acknowledgement to the gdpr-info.eu project who have a neatly arranged, easily searchable PDF version of the General Data Protection Regulation (GDPR) including its recitals. The EU…
We Are Hiring - Marketing Executive - Exonar
We Are Hiring – Marketing Executive
Are you our next Marketing Executive? An exciting startup software business, we’re looking for an ambitious marketer to take responsibility for creating and delivering our marketing…
Heineken Pet
The Totally Unrelated Section: Heineken Pet
Staying with the spin on Star Trek slogans (but ignoring grammatical debate over split infinitives), remember the Heineken “refreshes the parts other beers cannot reach” ads?

UK GDPR Preparedness Survey 2017

Most UK businesses on target for GDPR compliance but funds, lack of resource and Brexit are holding the rest back 

  • 77% on course for compliance by May 2018
  • 84% believe that the GDPR will make their business data more secure
  • Time and money issues cited by many as key challenges of compliance
  • 6% wrongly believe that Brexit will overrule the GDPR.

LONDON, August 3rd, 2017 – Exonar, a leading provider of General Data Protection Regulation (GDPR) data mapping and data inventory solutions, has announced the results of its UK GDPR Preparedness Survey which found that 77% of respondents say they are on course to be GDPR compliant by May 2018.

The results of the survey were largely positive, with 61% of IT and Data Protection professionals stating they are on course for GDPR compliance (26% have a plan and started preparations, 6% already compliant, 23% ready for May 2018). A further 16% added that they have a plan but have not started to implement it yet.

The survey also found that data security may be the hidden gem behind the GDPR, with a combined 84% stating that they expect their business data will become more secure due to an audit to identify personal data (52%) or as a result of data storage and handling improvements (32%).

However, the results demonstrated that substantial roadblocks will need to be overcome in a short space of time for a large number of businesses. 15% reported that they don’t have the funds to get their GDPR plans off the ground, while 20% say they don’t have time to focus on it. A further 18% admitted that they don’t know where their data is.

Startlingly, 6% are waiting for Brexit in the hope it will mean that GDPR won’t apply to them. Under the terms of the GDPR, UK businesses will still have to comply if the data they handle concerns EU citizens, or has the potential to identify individuals within the EU.

The results also suggest there is some confusion over who will take responsibility for GDPR compliance within a business, as only 29% of respondents had a dedicated Data Protection Officer (DPO).

Most respondents believed that IT holds the data protection role (42%). This is despite the terms of the GDPR, which state that all organisations with more than 250 employees must employ a DPO. This person will be responsible for ensuring that a business collects and secures personal data responsibly.

Exonar’s CEO Adrian Barrett commented: “Although the overall results were positive, significant challenges still remain in the form of time, money and understanding over the reach and implications of the new regulation. It’s clear some companies are shackled and their plans aren’t progressing or even formulated. This situation is often worsened by a lack of project leadership and failure to identify responsibility.

“Businesses must ensure they fully understand the new regulations and, crucially, understand how, where and why their data is currently being processed. For most, a period of data discovery needs to be undertaken before they can put a plan into action and it needs to be done quickly as time is running out. To that end, new technology such as Big Data and Machine Learning will prove invaluable in speeding up the first steps to secure data handling.”

To download the full report, click here.

About Exonar

Exonar solves a problem common to all organisations and their senior information owners, “I just don’t know what data I’ve got”. The Exonar solution discovers and interprets an organisation’s data, identifying issues, reducing risk and making it more productive and secure. Exonar has received £3.3m in investment to date from a mixture of experienced business Angels, Winton Ventures and Amadeus Capital Partners. Visit us at www.exonar.com or follow us @Exonar.

The future of privacy compliance

On Tuesday 19 September, Simmons & Simmons are hosting a panel discussion devoted to technology solutions and addressing privacy challenges. The competing challenges and interests of greater regulatory requirements, heightened consumer concerns and greater commercial value of data, make finding new solutions and ways of dealing with data ever more important.

Alex Brown (Partner, ICT) will host and moderate the session and, amongst a technologically distinguished panel, will be Adrian Barrett (Founder and CEO) of Exonar. Canapés and drinks will follow.

Register for your place here.

UK GDPR Preparedness Survey

Exonar’s UK GDPR Preparedness Survey – Key Trends and Challenges

With less than a year until the implementation of the General Data Protection Regulation (GDPR) in May 2018, Exonar surveyed the data protection and wider IT community to gain an understanding of how prepared UK businesses are for the new regulation and what challenges are standing in their way.

Exonar’s goal was to understand the challenges that businesses are facing in the journey to become GDPR compliant. The research has highlighted numerous challenges to becoming compliant. GDPR is the best excuse a company has to identify opportunities to improve the data protection processes that they may already have in place. Approached in the right way it can even provide a competitive edge through forming a better understanding of a customer to tune products and services.

See the full survey results here.

 

There’s lots to love about GDPR

There’s lots to love about GDPR

What We’ve Been Reading And Writing This Month

GDPR – why it is a good thing for business
Plus – useful articles for tracking your GDPR progress
Manageable Data in Moments - The Upside of GDPR
Manageable Data in Moments – The Upside of GDPR
Over the past six months your LinkedIn feed will have told you that GDPR is coming and that you and your compliance, audit and IT teams have a myriad of actions to meet the forthcoming Regulation. But where’s the upside?
Why GDPR is the kick up the backside your marketing needs
GDPR hits home on 25th May 2018. Lawyers and consultancies are having a field day. Many of their internal counterparts are hyperventilating over the prospect but GDPR can only be a good thing…
Gaining competitive advantages from the GDPR
Gaining competitive advantages from the GDPR
Quite a few articles have already been written about the European Union’s new privacy legislation – the General Data Protection Regulation or GDPR, as it’s known to its friends (although if…
How to turn EU GDPR compliance chores into benefits
When the EU General Data Protection Regulation was announced last year, many business owners immediately panicked at the prospect of eye-watering fines and onerous obligations. But with…
Get our free GDPR report
The European Union’s General Data Protection Regulation is designed to protect individuals’ personal data and facilitate the exchange of information for businesses that operate in the EU….
GDPR: Where do I start? - GDPR.Report
The Exonar guide and simple framework to get started on your GDPR journey
Whose customer is it anyway?
Whose customer is it anyway?
In an environment where multiple members of the executive team are being compensated on customer metrics, who actually owns the relationship?
The totally unrelated section: Retro tech making a comeback
The totally unrelated section: Retro tech making a comeback
Reminiscing over the tech you loved is one thing but is old tech best left to a rose-tinted memory…not for everyone, here are the top 12 retro tech comebacks.