A fifth of adults polled will request data from employers under new data protection regulation

21 July 2017


21% of consumers said they will request for personal data to be removed from current or previous employers and 22% said they would request access to their personal data.


The General Data Protection Regulation (GDPR) comes into force on 25 May 2018.  Many of the principles of the UK’s Data Protection Act 1998 (DPA) will remain when the UK implements GDPR. The new Regulation takes data protection further, with a change in emphasis from ‘best practice’ to ‘requirements’, greater consent from individuals, new rights such as the right to be forgotten, and other significant changes.

Payroll and HR data, procedures and systems will be directly affected, including where third party software or service providers are involved.


A poll of 2,000 UK adults commissioned by SAS explores the nation’s sentiment towards upcoming legislative change that empowers consumers with new rights over how their personal data is handled by organisations.

The poll reveals that 48% plan to activate new rights over their personal data when GDPR comes in and 15% expressed their intention to activate their new rights in the same month that GDPR comes in.

The poll revealed which rights UK adults would welcome most:

  • 64 per cent welcomed ‘the right to access’ (e.g. get a copy of personal data held about them)
  • 62 per cent welcomed ‘the right to erasure’ (e.g. erase personal data from certain systems)
  • 59 per cent welcomed ‘the right to rectification’ (e.g. if personal data is inaccurate or incomplete)
  • 56 per cent welcomed ‘the right to object’ (e.g. using data for marketing and profiling)
  • 54 per cent welcomed ‘the right to restrict processing’ (e.g. if they contest accuracy of data)
  • 43 per cent welcomed ‘rights in relation to automated decision making and profiling’ (e.g. the right to seek human intervention following an automated decision they disagree with)
  • 38 per cent welcomed ‘the right to data portability’ (e.g. obtaining and re-using data)


Compliance with the new data rights, which promote openness by public bodies and data privacy for individuals, is said to be proving challenging for organisations.

Tables showing which organisations would receive a request to remove or provide access to consumer data and what information consumers said they were prepared to share with their favourite brands or organisations, so they could benefit from improved or tailored services, can be found on the SAS website.


CIPP comment

Prepare now for biggest change to data protection law for a generation – follow the ICO’s ‘12 steps to take to prepare for GDPR’ if you haven’t already started.

The CIPP also run a half day training course which will help delegates understand and prepare for the changes, including how they affect payroll and HR functions, so that they can help their organisations become fully compliant by May 2018.