But Only One Quarter Are Confident They Can Tell if a Company or Organization is GDPR Compliant


TrustArc, a leading data privacy management company, today announced new findings from an online study conducted by Ipsos MORI, a global research, and consulting firm, on behalf of TrustArc.


The survey polled individuals aged 16-75 in the UK about several issues surrounding the EU General Data Protection Regulation (GDPR) one year since it went into effect on 25 May 2018.


Over one-third (36%) of adults aged 16–75 trust companies and organizations with their personal data more since GDPR was enacted one year ago.


There are positive sentiments toward enforcement activity, and half (47%) of respondents have exercised some of their GDPR privacy rights. 57% of respondents are also more likely to use websites that have a certification mark or seal to demonstrate GDPR compliance.


“The research tells a tale of two reactions regarding the impact of the GDPR on consumer privacy attitudes. On a positive note, more than one-third of the respondents we questioned trust companies and organizations with their personal data more since GDPR came into effect one year ago, and there is also favorable feedback on enforcement efforts,” said Chris Babel, CEO, TrustArc.


“But companies should not interpret this to mean that their work is complete. Providing more transparent ways to demonstrate GDPR compliance and ensuring they respond to privacy rights requests in a timely manner will go a long way toward further improving consumer trust and increasing website use and online purchasing.”


Key EU GDPR Research Findings


1. Trusting Companies With Personal Data Is Increasing


36% of respondents trust companies and organizations with their personal data more since the GDPR privacy regulation came into effect one year ago (rising to 44% among 16 to 24-year-olds and 41% among 25-34 year olds). Only one-third or less of those aged 35-44, 45-54, and 55-75 report being more trusting. Women, at 38%, expressed more trust in companies and organizations than men at 33%.


2. Understanding GDPR Compliance Is Challenging


25% of respondents are confident they can tell if a company or organization is GDPR compliant versus 33% who are not confident. There were some differences based on geographic location with respondents in Northern Ireland indicating they are confident at 33%, which was significantly higher than those in Wales at 17%.


3. Privacy Certifications Can Influence Behavior


57% of respondents would be more likely to use websites that have a certification mark or seal to demonstrate GDPR compliance versus 9% who are not. There were notable differences based on geographic location; respondents in Scotland were significantly more likely to be confident (67%) than those anywhere else in England.


56% are more likely to do business with companies and organizations that have a certification mark or seal to demonstrate GDPR compliance, versus 8% who disagree. Agreement is higher among households with larger incomes (65%).


4. Young Adults Are Most Positive About How Well GDPR Enforcement Has Worked


34% of respondents agree that the regulatory enforcement of the GDPR privacy regulation has worked well versus 14% who disagree this is the case. There were significant differences based on age with younger respondents more likely than older respondents to agree this regulation has worked well (46% of 16 to 24-year-olds agree compared with 28% of those aged 55-75).


5. Respondents Are Exercising GDPR Privacy Rights


47% of respondents have exercised their GDPR privacy rights by sending one or more of eight requests to a website, company or organization. When asked which of these eight rights respondents had exercised in the past 12 months, the results were:

    • Opting out of/Unsubscribe to email marketing = 35%
    • Opting-out of /not consenting to install cookies = 23%
    • Restrict use of my personal data = 13%
    • Erase my personal data = 10%
    • Correct my personal data = 6%
    • To request access to your personal data: 5%
    • To request to transfer your personal data: 3%
    • To make a privacy complaint to a regulator: 3%


There were significant differences based on respondent gender with 52% of females and 42% of males exercising their rights in this respect.


43% of respondents claimed not to have exercised these privacy rights in the past 12 months. Exercising these rights increases progressively with age: 32% of 16-24-year-olds, 33% of 25-34 year-olds, 45% of 35-44 year-olds, 46% of 45-54 year-olds, and 52% of 55-75 year-olds.


For more information, download the research infographic at GDPR Consumer Research Infographic and a summary of the survey questions and responses at GDPR Consumer Research Survey.


Research Methodology


On behalf of TrustArc, Ipsos MORI interviewed 2,230 adults aged 16-75 across the United Kingdom between 15-17 May 2019. Interviews were carried out online on Ipsos MORI’s i:Omnibus. A quota sample of respondents were interviewed with quotas set by age, gender, and geographic region of residence. The final survey data were weighted to the known population of this audience at the analysis data.