In just over two months, on 25 May, the General Data Protection Regulation (GDPR) comes into force in the UK. There’s no shortage of advice for businesses on preparing for it – from the detailed guidance and resources produced by the Information Commissioner’s Office through to a rapidly growing industry of GDPR seminars, conferences and blogs.

If we look at it from the perspective of “data subjects” – that’s all of us as individuals – the GDPR will enshrine a host of new rights that we can action in relation to the data that companies and organisations hold on us. The recent Digital Leaders blog by Catherine Knivett, Ci’s Head of Partnerships, sets these out in more detail. These new rights will undoubtedly change the relationship between individuals and any organisation that holds their data. And, under the headline-grabbing shadow of a fine of up to £17m, or 4% of global turnover, the focus in the run-up to 25 May is on how organisations can demonstrate compliance with GDPR.

Compliance suggests a reluctant, reactive, “if we must” burden. But these rights are vital for individuals. Those individuals are customers, consumers, clients, subscribers, service users, patients, members of professional or social communities – the people that organisations should care about. So this is an incredible opportunity: an opportunity for companies to demonstrate how much they value their relationship with the people whose data they hold, how they can transparently and proactively make that data-exchange relationship better, and how they can improve it for the long-term, to the benefit of both sides. At our recent Digital Leaders South West salon, we explored some of these issues and you can read the reflections of one of our guest speakers, MyLifeDigital’s J Cromack, here.   

So how much do we know about people’s attitudes to data: its protection and their rights to privacy and control? Do we know how this links to their level of trust in organisations that hold their data? And what do they want those companies to do to improve their understanding and trust? Thanks to a number of recent surveys and analyses of public attitudes to data and technology (for example, from the Open Data Institute (ODI) and Doteveryone) we are getting a fuller picture of what people think, and what they might want in return. For example, Doteveryone found that:

95% of people say it’s important to know their data is secure

94% say it’s important to know how their data is used

91% say it’s important to be able to choose how much data they share with companies

51% would like to know how their data is used but can’t find out


In the ODI’s survey, 94% of respondents said trust was important in deciding to share personal data. It also found that 33% of respondents would feel more comfortable sharing data if organisations explained how it is used and shared, and 18% would welcome step-by-step instructions from organisations about how to share data safely.

We have pulled together more of the recent survey findings on people’s attitudes to data sharing in the slideshow below.

But how much do we know about how people are going to react once GDPR comes into force? Well, not quite so much. A survey of 7,000 consumers across seven European countries in December 2017 asked people what they identified as the most important rights under GDPR:

  • 47% of the respondents identified the ability to simply see the information the companies hold on them
  • 22% identified the ability to demand they erase their personal data
  • 9% identified the visibility of when their personal data is used to make automated decisions.

However, a whopping 93% of European respondents said they would erase their data if they weren’t comfortable with how companies were using it. (An interesting footnote from this survey is that UK residents appear to be the least likely to act once GDPR comes in: 74% compared to 82% overall in the survey.) When it comes to it, will people act? If they want to erase their data, will they know how to? Will they understand what the implications are: what they might miss out on, as well as what they might gain in terms of greater control? That’s just one of the things we intend to investigate in our new Ci Communities project: “Your Data, Your Rights”. Read more about it here.

This project goes to the heart of Ci’s mission to empower people and build trust. If you want to get involved, or find out more, contact us at and we’ll be reporting back regularly on progress on this blog.