With less than 100 days before hard-hitting new data protection regulations come into force, the majority of consumers say they are content with the amount of data that they share, but transparency is key to building trust with businesses, new research suggests.

More than 60% of consumers say they are “happy” with the amount of personal information they share, a report from the Direct Marketing Association (DMA) and Acxiom reveals.

In addition, as businesses, including convenience stores, prepare for the new General Data Protection Regulation (GDPR), 25% of consumers say they are “unconcerned” about matters of data privacy and the exchange of data, up from 16% last year. Young people are particularly relaxed about privacy and readier to share data, with 38% falling into the ‘Data Unconcerned’ group.

In fact, the survey also found greater willingness among young respondents to view data as a tradeable asset that they can use to negotiate better prices and special offers. More than six-out-of-ten (61%) in the 18-24 age group viewed their data in this way, compared with 56% among all respondents.

Critically, 88% also say that transparency is one of the keys to further increasing trust in how their data is collected and used.

“GDPR comes into force in May and our research shows that consumer attitudes are already changing in a way that makes us optimistic,” said Chris Combemale, group CEO of the DMA.

“GDPR establishes a level of transparency and honesty about how data is collected and used, which will be essential to continuing to build and maintain trust between businesses and consumers. This trust is central to data exchange and showing the value to both the business looking to prosper, and the customer looking to benefit.”

The GDPR comes into force on 25 May and will impact on how retailers manage all personal data they hold, including customer marketing, loyalty schemes, home deliveries and much more. The rules will also impact heavily on how in-store CCTV footage is used and stored.

At its heart, the GDPR is designed to prevent personally identifiable information (PII) such as customer names, home, email and IP addresses and bank details, from being collected and used without consent and to ensure that any PII that is held with consent is recorded, managed and protected to the highest possible standard.

The GDPR introduces seven key principals for how PII is managed.

As part of the requirements, the use of personal data must be fully consented by the individual, and this must be done with a positive, unambiguous opt-in. People’s personal data, such as names, addresses and card details, will need to be made anonymous so in the event of an accidental leak or hack they cannot be identified.

Individual rights will also be strengthened so that people must be informed within 72 hours if there has been a breach of their personal data. Individuals will also be able to request information about the data that a store holds on them, including CCTV images, and they will have the right to have this data rectified or deleted should they wish.

Retailers will also need to document all of their regular data processing activities in order to demonstrate that what they do with people’s personal data is in line with the GDPR.

Retailers will also need to ensure that they inform any third parties and data processors (such as loyalty operators, suppliers and beacon technology operators) when a right to rectification is exercised.