One year ago on May 25, 2018, the General Data Protection Regulation (GDPR) went into effect and replaced the 1995 EU Data Protection Directive (DPD) with the goal of significantly enhancing the protection of the personal data of EU citizens and increasing the obligations of organizations who collect and/or process personal data.
Although the GDPR is an EU regulation, its rules still apply to any business that markets or sells their products to EU consumers and/or that monitors the behavior of people in the EU. Basically, if you’re located outside of the EU but you control or process the data of EU citizens, the GDPR applies to your organization.
The GDPR ensures eight rights for individuals, including granting consumers easier access to the data companies hold about them, requiring companies to inform consumers about such data collection, and necessitating companies to obtain consumer consent before data collection occurs.
If you're curious, take a look at how HubSpot navigates the GDPR.
Since going into effect last year, the GDPR has already made headlines -- regulators fined Google $57 million in January of this year for not properly disclosing to users how the company collected their data for personalized advertisements.
To mark the one year anniversary of the GDPR going into effect, HubSpot partnered with Professor Nicole Votolato Montgomery at the McIntire School of Commerce at the University of Virginia to evaluate EU versus U.S. consumers’ perceptions of the current organizational data practices, online consumer-company interactions, and organized responses to privacy regulations. We wanted to explore how (and if) consumer attitudes have changed a year later, since we last conducted a survey on GDPR.
We surveyed a group of 1,115 subjects across the U.S. and EU (United Kingdom, Germany, and France).
Consumers’ focus on the GDPR has declined.
In 2019, consumers aren’t as focused on the GDPR as they were before its implementation in 2018. In the EU overall, the number of respondents reporting that they were familiar with the GDPR dropped by 6.6%.
In the U.S., consumers’ focus remains relatively consistent, but overall, far fewer Americans are familiar with the GDPR than in European countries.
Fewer consumers report that the GDPR has improved their interactions with companies.
Since 2018, the number of EU and U.S. consumers that claim that the GDPR improved their interactions with companies decreased, with France experiencing the largest decrease of 6%. While the U.S. saw a decrease of less than 2%, more American consumers report improved interactions in both 2018 and 2019 than E.U. consumers.
However, when asked whether they believe that something similar to the GDPR should be instituted in the U.S., only half of American consumers responded positively.
Additionally, while most consumers report that the GDPR hasn’t improved their interactions with companies in the past year, over 63% of EU consumers believe that the GDPR has had a positive impact on consumer data privacy in 2019 - fewer consumers in the U.S. and Germany versus other EU countries report this belief.
Fewer consumers are concerned with how companies are collecting their personal data.
Even though the majority of EU and U.S. consumers report that the GDPR hasn’t improved their interactions with companies since 2018, fewer consumers responded that they’re likely to opt-out of company data collection, with U.S. and U.K. consumers remaining relatively consistent.
Plus, the number of EU consumers who report that they’d go a step further to request that companies delete all the information stored about them decreased in the last 12 months, yet increased by almost 5% in the US.
Fewer consumers expect companies to alter their behavior because of the GDPR.
Consumers in the EU and U.S. express lower expectations when it comes to companies changing the way they demonstrate, update, and even change the way they address data privacy. Fewer EU and U.S. consumers over the course of the last year expect companies to educate them on how they plan to follow the new GDPR regulations.
Fewer still expect organizations to update their data protection policies since 2018 or to stop selling data to other companies.
Plus, while one of the main tenets of the GDPR is to illuminate data collection transparency, the number of consumers across the EU and U.S. who expect this transparency decreased in 2019, compared to 2018.
Consumers’ expectations about companies’ responses to the GDPR are country-specific.
While consumers across the EU and U.S. are mostly unified in their perceptions of the GDPR, their expectations for companies in response to the privacy regulation differ by country.
U.S. consumers’ primary expectation about these regulations from 2018 to 2019 remains unchanged - that companies would update their data protection policies. Meanwhile, EU consumers in 2018 expected companies to stop selling data to other companies, and in 2019, their expectations mirror those of U.S. consumers.
In the U.K., consumers value the transparency of company data practices more over the past 12 months, while French consumers value transparency less. German consumers’ expectations, however, remain consistent.
HubSpot Research partnered with the University of Virginia to survey consumers in the U.S. and Europe in 2018 and 2019. 540 consumers in the EU and the U.S. were asked to respond to survey questions about organizations’ data collection and usage practices and privacy policies in 2018 (the year GDPR went into effect).
1,115 consumers in the EU and the U.S. were asked to respond to the same questions in 2019 (one year after GDPR).