It’s been more than two months since the EU’s General Data Protection Regulation (GDPR) went into effect, and many customers in the UK and Ireland are taking advantage of their new rights faster than anticipated.

According to a new survey from SAS, 27% of UK and Irish consumers have already exercised their newfound personal data rights–which include any of these eight rights given to consumers under GDPR. Commonly, these rights are used by individuals to get information about what data a company has on them, or to request unused data be deleted.

As noted in the survey’s press release, those personal data requests will continue to grow. Some 56% of the 2,000 people surveyed said they plan to exercise their personal data rights within the next year.

SEE: Hiring kit: GDPR data protection compliance officer (Tech Pro Research)

That number is up from a similar survey last year. In a 2017 survey conducted by SAS, only 42% said they planned to exercise their personal data rights within the next year.

When GDPR first went into effect on May 25, it was unclear what its full impact would be. Now, however, it’s becoming increasingly clear that the exercising of GDPR rights could become a very common practice, and businesses must be ready to field such requests without a disruption to their daily operations.

“This swift response shows the level consumers value and are aware of their data privacy rights under the GDPR,” Todd Wright, global GDPR lead at SAS, said in the release. “Organizations need to be ready for these customer data requests. It’s increasingly clear that in this age of increased data privacy concerns, organizations that treat their customers’ data with care will be the ones rewarded, and the ones that don’t will not only face fines but the loss of reputation as well.”

The mishandling of data is a serious breach of trust, the release noted, and it won’t take much for consumers to begin activating their GDPR rights. According to the report, 46% of respondents said they would enact their data rights “after only one mistake.” Additionally, 31% said they’d withdraw permission to use their data in the event of misuse–no matter the promises or assurances a company makes.

Social media firms and retailers were the industries most impacted by personal data requests, the report said, followed by banks, insurers, supermarkets, and energy providers.

“Businesses that fail to respect their customers or their data risk losing that data, and their competitive advantage, hurting the bottom line,” David Smith, head of GDPR technology at SAS UK and Ireland, said in the release. “Transparent data management and analytics are crucial, not only to achieve compliance but to provide personalized customer experiences that make consumers more willing to share their data.”

The big takeaways for tech leaders:

  • 27% of UK and Irish consumers have already exercised their newfound personal data rights, only two months after the implementation of GDPR. — SAS, 2018
  • 46% of UK and Irish consumers said they would enact their GDPR data rights after perceiving only one mistake from a company. — SAS, 2018