May 25, 2019 marked the one year anniversary of the EU General Data Protection Regulation enforcement deadline. In the last twelve months, companies across the globe have been working diligently to achieve and maintain compliance under the regulation. The GDPR significantly increased the requirements on how businesses address consumer individual rights. Companies have been tasked with putting processes and systems in place in order to receive, escalate, and accommodate consumer requests. Failure to comply with the GDPR can result in fines, loss of reputation, and expenses associated with responding to any compliance investigations. During the IAPP Global Privacy Summit in DC earlier this month, Ireland Data Protection Commissioner Helen Dixon shared that over 6000 complaints have been launched since May 25, 2018, and eighteen large scale investigations are underway and will be reviewed by the European Data Protection Board this summer.
TrustArc has announced new findings from an online study conducted by Ipsos MORI, a global research and consulting firm, on behalf of TrustArc. The survey polled individuals aged 16-75 in the UK about a number of issues surrounding the GDPR one year since it went into effect on 25 May 2018.
A summary of the key findings follows.
- Trusting Companies With Personal Data Is Increasing
36% of respondents trust companies and organisations with their personal data more since the GDPR privacy regulation came into effect one year ago (rising to 44% among 16 to 24-year-olds and 41% among 25-34 year olds). Only one-third or less of those aged 35-44, 45-54, and 55-75 report being more trusting. Women, at 38%, expressed more trust in companies and organisations than men at 33%.
- Understanding GDPR Compliance Is Challenging
25% of respondents are confident they can tell if a company or organisation is GDPR compliant versus 33% who are not confident. There were some differences based on geographic location with respondents in Northern Ireland indicating they are confident at 33%, which was significantly higher than those in Wales at 17%.
- Privacy Certifications Can Influence Behavior
57% of respondents would be more likely to use websites that have a certification mark or seal to demonstrate GDPR compliance versus 9% who are not. There were notable differences based on geographic location; respondents in Scotland were significantly more likely to be confident (67%) than those anywhere else in England.
56% are more likely to do business with companies and organisations that have a certification mark or seal to demonstrate GDPR compliance, versus 8% who disagree. Agreement is higher among households with larger incomes (65%).
- Young Adults Are Most Positive About How Well GDPR Enforcement Has Worked
34% of respondents agree that the regulatory enforcement of the GDPR privacy regulation has worked well versus 14% who disagree this is the case. There were significant differences based on age with younger respondents more likely than older respondents to agree this regulation has worked well (46% of 16 to 24-year-olds agree compared with 28% of those aged 55-75).
- Respondents Are Exercising GDPR Privacy Rights
47% of respondents have exercised their GDPR privacy rights by sending one or more of eight requests to a website, company or organisation. When asked which of these eight rights respondents had exercised in the past 12 months, the results were:
- Opting out of/Unsubscribe to email marketing = 35%
- Opting-out of /not consenting to install cookies = 23%
- Restrict use of my personal data = 13%
- Erase my personal data = 10%
- Correct my personal data = 6%
- To request access to your personal data: 5%
- To request to transfer your personal data: 3%
- To make a privacy complaint to a regulator: 3%
There were significant differences based on respondent gender with 52% of females and 42% of males exercising their rights in this respect. 43% of respondents claimed not to have exercised these privacy rights in the past 12 months. Exercising these rights increases progressively with age: 32% of 16-24-year-olds, 33% of 25-34 year-olds, 45% of 35-44 year-olds, 46% of 45-54 year-olds, and 52% of 55-75 year-olds.
On behalf of TrustArc, Ipsos MORI interviewed 2,230 adults aged 16-75 across the United Kingdom between 15-17 May 2019. Interviews were carried out online on Ipsos MORI's i:Omnibus. A quota sample of respondents were interviewed with quotas set by age, gender, and geographic region of residence. The final survey data were weighted to the known population of this audience at the analysis data.
TrustArc can help with all phases of GDPR compliance – from building a plan to implementing processes and controls to demonstrating and managing ongoing compliance. Learn more here.