The General Data Protection Regulation: One Year Later

Jon Dick
Jon Dick

Published:

One year ago on May 25, 2018, the General Data Protection Regulation (GDPR) went into effect and replaced the 1995 EU Data Protection Directive (DPD) with the goal of significantly enhancing the protection of the personal data of EU citizens and increasing the obligations of organizations who collect and/or process personal data.

GDPR_blog-1

Although the GDPR is an EU regulation, its rules still apply to any business that markets or sells their products to EU consumers and/or that monitors the behavior of people in the EU. Basically, if you’re located outside of the EU but you control or process the data of EU citizens, the GDPR applies to your organization.

The GDPR ensures eight rights for individuals, including granting consumers easier access to the data companies hold about them, requiring companies to inform consumers about such data collection, and necessitating companies to obtain consumer consent before data collection occurs.

If you're curious, take a look at how HubSpot navigates the GDPR.

Since going into effect last year, the GDPR has already made headlines -- regulators fined Google $57 million in January of this year for not properly disclosing to users how the company collected their data for personalized advertisements.

To mark the one year anniversary of the GDPR going into effect, HubSpot partnered with Professor Nicole Votolato Montgomery at the McIntire School of Commerce at the University of Virginia to evaluate EU versus U.S. consumers’ perceptions of the current organizational data practices, online consumer-company interactions, and organized responses to privacy regulations. We wanted to explore how (and if) consumer attitudes have changed a year later, since we last conducted a survey on GDPR.

We surveyed a group of 1,115 subjects across the U.S. and EU (United Kingdom, Germany, and France).

Unlock tips, systems & recommended resources to stay ahead of the tech curve.

Consumers’ focus on the GDPR has declined.

In 2019, consumers aren’t as focused on the GDPR as they were before its implementation in 2018. In the EU overall, the number of respondents reporting that they were familiar with the GDPR dropped by 6.6%.

In the U.S., consumers’ focus remains relatively consistent, but overall, far fewer Americans are familiar with the GDPR than in European countries.

general-data-protection-regulation-consumer-attitudes_6

Fewer consumers report that the GDPR has improved their interactions with companies.

Since 2018, the number of EU and U.S. consumers that claim that the GDPR improved their interactions with companies decreased, with France experiencing the largest decrease of 6%. While the U.S. saw a decrease of less than 2%, more American consumers report improved interactions in both 2018 and 2019 than E.U. consumers.

general-data-protection-regulation-consumer-attitudes_12

However, when asked whether they believe that something similar to the GDPR should be instituted in the U.S., only half of American consumers responded positively.

general-data-protection-regulation-consumer-attitudes_9

Additionally, while most consumers report that the GDPR hasn’t improved their interactions with companies in the past year, over 63% of EU consumers believe that the GDPR has had a positive impact on consumer data privacy in 2019 - fewer consumers in the U.S. and Germany versus other EU countries report this belief.

general-data-protection-regulation-consumer-attitudes_10

Fewer consumers are concerned with how companies are collecting their personal data.

Even though the majority of EU and U.S. consumers report that the GDPR hasn’t improved their interactions with companies since 2018, fewer consumers responded that they’re likely to opt-out of company data collection, with U.S. and U.K. consumers remaining relatively consistent.

general-data-protection-regulation-consumer-attitudes_2

Plus, the number of EU consumers who report that they’d go a step further to request that companies delete all the information stored about them decreased in the last 12 months, yet increased by almost 5% in the US.

general-data-protection-regulation-consumer-attitudes_4

Fewer consumers expect companies to alter their behavior because of the GDPR.

Consumers in the EU and U.S. express lower expectations when it comes to companies changing the way they demonstrate, update, and even change the way they address data privacy. Fewer EU and U.S. consumers over the course of the last year expect companies to educate them on how they plan to follow the new GDPR regulations.

general-data-protection-regulation-consumer-attitudes_5

Fewer still expect organizations to update their data protection policies since 2018 or to stop selling data to other companies.

Plus, while one of the main tenets of the GDPR is to illuminate data collection transparency, the number of consumers across the EU and U.S. who expect this transparency decreased in 2019, compared to 2018.

general-data-protection-regulation-consumer-attitudes_7

Consumers’ expectations about companies’ responses to the GDPR are country-specific.

While consumers across the EU and U.S. are mostly unified in their perceptions of the GDPR, their expectations for companies in response to the privacy regulation differ by country.

U.S. consumers’ primary expectation about these regulations from 2018 to 2019 remains unchanged - that companies would update their data protection policies. Meanwhile, EU consumers in 2018 expected companies to stop selling data to other companies, and in 2019, their expectations mirror those of U.S. consumers.

In the U.K., consumers value the transparency of company data practices more over the past 12 months, while French consumers value transparency less. German consumers’ expectations, however, remain consistent.

Research Methodology

HubSpot Research partnered with the University of Virginia to survey consumers in the U.S. and Europe in 2018 and 2019. 540 consumers in the EU and the U.S. were asked to respond to survey questions about organizations’ data collection and usage practices and privacy policies in 2018 (the year GDPR went into effect).

1,115 consumers in the EU and the U.S. were asked to respond to the same questions in 2019 (one year after GDPR).

Stay Current on Emerging Tech

 

Related Articles

We're committed to your privacy. HubSpot uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.

Use this guide to stay ahead of the tech curve.

Marketing software that helps you drive revenue, save time and resources, and measure and optimize your investments — all on one easy-to-use platform

START FREE OR GET A DEMO