GDPR warning: 78% of consumers have recently been contacted by a business without their consent

Dec 12, 2017 | Regulation

The vast majority of consumers (78%) receive unsolicited contact from UK businesses, according to new research.

The research, from SaaS GDPR compliance solution, also indicates that 70% of consumers have not heard of sweeping General Data Protection Regulation due to come into force in May and 61% would not share data even if they directly benefit.

With the General Data Protection Regulation (GDPR) set to extensively change data privacy rules in May, the survey also revealed that 70% of consumers are completely unaware of their new rights – having never heard of the legislation.

The research also uncovered wide-spread suspicion of how personal data is used with 40% of respondents believing that more than 200 organisations currently held their personal data.

Half of consumers were also unaware they could request their data from businesses.

Worryingly, for businesses ahead of the implementation of GDPR, 61% of people do not want to share their data with an organisation even if it directly benefits them.

GDPR, which comes into force into May 2018, will allow people much more control over the data that organisations hold on them. They will be able to request, amend and delete personal data. Organisations will also need to get explicit, informed consent to hold data and contact consumers. Failing to comply with GDPR could result in a €20 million fine or 4% of global turnover (whichever figure is higher).

Julian Saunders, CEO and founder of, said: “The results of our research are very concerning. Not only are consumers unaware of their current rights, most are completely unaware of the sweeping new rights they will have in only a few months. Clearly, many businesses are breaking current rules by contacting people without consent.

“GDPR is the most fundamental change to ever happen to data privacy. It is designed to restore trust, accountability, security and transparency.

“Reckless use of data and lacklustre security now means that many people are unwilling to knowingly share their data. Ahead of the implementation of GDPR, where organisations will need to work very hard to continue to hold, collect and use personal data, this lack of trust and understanding of data rights is a huge problem. Many organisations need this flow of data to function.” contacted the Information Commissioners Office to ascertain statistics on the average number of organisations that held personal data on an individual – however, no firm information currently exists.

The research was conducted from 22nd November – 1st December surveying 373 individuals.

Share This