The General Data Protection Regulation (GDPR) went into effect on May 25 of 2018, with the goal of creating strong standardized data protection laws for all members of the European Union. GDPR tells EU citizens how companies do and might use their data, and enables citizens to better control their data online.
In February of 2018, we surveyed over 5,000 EU citizens (from UK, Ireland, Germany, and the Netherlands) and Americans to learn about awareness, perceptions, and concerns related to the upcoming regulations. Now, we’ve surveyed another 5,000 people to learn how perceptions and fears may have changed one year after the implementation of GDPR.
Overall awareness of GDPR
It may come as no surprise that EU citizens are much more familiar with the GDPR and what it means for their online privacy and security than they were last year. In 2018 only half (51%) had heard at least a little about GDPR, and one quarter (23%) had never heard the term. This year, nearly eight in ten (77%) knew at least a little about GDPR and a scant 6% had never heard of it.
Increased awareness has also made its way across the pond, but to a lesser extent. In 2018, just 10% of Americans knew something about GDPR. This year that number has nearly tripled to 28%, though half of Americans have still never heard of GDPR (down from 78% in 2018).
Persistent worries about privacy and security online
Despite increased knowledge of GDPR and what rights it offers them, EU citizens’ concerns about their online privacy and security remain unchanged since it went into effect. Today, 45% say they are very worried about their online privacy and 51% say they are very worried about their online security.
EU residents have other, more specific, worries. Eight in ten (83%) say it matters to them that their data is stored in their country, and nearly as many (73%) say it matters that their data is stored within the EU—yet just half (54%)—are confident that they know where their data is stored currently.
Improved confidence in corporate privacy and security policies
Perhaps the additional options that EU citizens have regarding their data is causing confusion—they are less likely to say that they have the knowledge and resources to protect their data online than last year (57%, down from 63%).
On the other hand, GDPR may be having the desired effect on companies, as EU citizens increasingly think that companies are doing a good job informing them about their choices about their data (53%, up from 44%).
Citizens are also clear on what companies can do to increase their confidence even more: Most impactful is the ability to make choices about their data and privacy from within their account (56%), followed by simplified language on security policies during sign up (44%), and having detailed information about security polices easily searchable (39%).
While governmental regulation does not seem to have reduced citizens’ concerns about their privacy and security overall, it appears that confidence in corporate privacy policies is improving.