Over half of customers could walk in the event of a major data breach


As the Data Protection Bill receives its second reading, research from Baringa Partners reveals companies risk losing up to 55% of customers if they suffer a significant personal data leak. The research, which investigates consumer attitudes towards data protection, is particularly timely given the expected rise in reported data breaches under the EU’s General Data Protection Regulation (GDPR).

The research covers banking, insurance, energy, TV, phone and internet sectors. It reveals that, in the event of a data breach, 30% of people would ‘switch provider immediately’ and a further 25% would ‘wait to see a media response/what others say and do’ before switching.

Where multiple versions of customer information are saved to different systems, companies are more exposed to the risk of hacks or unauthorised use. The potential danger to customer retention draws attention to the investment choices companies need to make now for the sake of their business under GDPR.

Daniel Golding, director at Baringa, comments, “With more than 50% of customers at risk of switching to a competitor in the event of a major data breach, companies urgently need to demonstrate they have strong data protection policies in place. The introduction of GDPR will more easily expose those with insufficient or flawed practices and the consequences could be disastrous.”

The research also reveals that 64% of customers currently trust companies with their personal data. The main reasons given for trusting a company are ‘they are an established brand/have a strong reputation’ (29%) and ‘they have been my provider for a long time’ (18%). Specific data practices, such as transparency relating to data privacy policies or using data for reasons other than its original purpose, are considered to be less important.

Daniel adds, “It’s good news for businesses that customers by and large trust them with their data. But, as our research clearly shows, they cannot afford to be complacent. Trust may be based on reputation and loyalty rather than specific data practices, but this is in many ways a false distinction to make. If companies fail to shore up their data defences, then it is their brand that will take the hit. Customers will soon begin to walk away.

“At the same time, customer attitudes and behaviours towards data are likely to change. When the new rules come into force and companies are required to supply a copy of all personal data on request and for free, 70% of people say they are likely to take advantage of the service.

“Companies without centralised data governance will struggle to locate and respond efficiently with their data. So, GDPR isn’t only about protection; it’s about proactively speaking to customers and explaining what data is currently held on them and why. This is a real opportunity for companies to set themselves apart.”