“The research tells a tale of two reactions regarding the impact of the GDPR on consumer privacy attitudes. On a positive note, more than one third of the respondents we questioned trust companies and organisations with their personal data more since GDPR came into effect one year ago, and there is also favorable feedback on enforcement efforts,” said Chris Babel, CEO, TrustArc. “But companies should not interpret this to mean that their work is complete. Providing more transparent ways to demonstrate GDPR compliance and ensuring they respond to privacy rights requests in a timely manner will go a long way toward further improving consumer trust and increasing website use and online purchasing.”
A summary of the key findings follows.
1. Trusting Companies With Personal Data Is Increasing
36% of respondents trust companies and organisations with their personal data more since the GDPR privacy regulation came into effect one year ago (rising to 44% among 16 to 24-year-olds and 41% among 25-34 year olds). Only one-third or less of those aged 35-44, 45-54, and 55-75 report being more trusting. Women, at 38%, expressed more trust in companies and organisations than men at 33%.
2. Understanding GDPR Compliance Is Challenging
25% of respondents are confident they can tell if a company or organisation is GDPR compliant versus 33% who are not confident. There were some differences based on geographic location with respondents in Northern Ireland indicating they are confident at 33%, which was significantly higher than those in Wales at 17%.
3. Privacy Certifications Can Influence Behavior
57% of respondents would be more likely to use websites that have a certification mark or seal to demonstrate GDPR compliance versus 9% who are not. There were notable differences based on geographic location; respondents in Scotland were significantly more likely to be confident (67%) than those anywhere else in England.
56% are more likely to do business with companies and organisations that have a certification mark or seal to demonstrate GDPR compliance, versus 8% who disagree. Agreement is higher among households with larger incomes (65%).
4. Young Adults Are Most Positive About How Well GDPR Enforcement Has Worked
34% of respondents agree that the regulatory enforcement of the GDPR privacy regulation has worked well versus 14% who disagree this is the case. There were significant differences based on age with younger respondents more likely than older respondents to agree this regulation has worked well (46% of 16 to 24-year-olds agree compared with 28% of those aged 55-75).
5. Respondents Are Exercising GDPR Privacy Rights
47% of respondents have exercised their GDPR privacy rights by sending one or more of eight requests to a website, company or organisation. When asked which of these eight rights respondents had exercised in the past 12 months, the results were:
● Opting out of/Unsubscribe to email marketing = 35%
● Opting-out of /not consenting to install cookies = 23%
● Restrict use of my personal data = 13%
● Erase my personal data = 10%
● Correct my personal data = 6%
● To request access to your personal data: 5%
● To request to transfer your personal data: 3%
● To make a privacy complaint to a regulator: 3%
There were significant differences based on respondent gender with 52% of females and 42% of males exercising their rights in this respect.
43% of respondents claimed not to have exercised these privacy rights in the past 12 months. Exercising these rights increases progressively with age: 32% of 16-24-year-olds, 33% of 25-34 year-olds, 45% of 35-44 year-olds, 46% of 45-54 year-olds, and 52% of 55-75 year-olds.