One Year In, Workers Set Relationship Status with GDPR to “It’s Complicated”
On May 25, 2018, General Data Protection Regulation (GDPR) enforcement went into effect, reshaping the way organizations handle and better protect consumer data. From a dramatic increase in breach notifications to new standoffs between tech giants and regulators, a lot has happened over the past year, and GDPR is now being used as a blueprint for additional data protection and privacy legislation around the world. As a part of a larger retrospective on the regulation, Snow conducted a survey of 3,000 professionals in the United States, Europe and Asia Pacific to see how workers around the world feel about GDPR.
One of the biggest takeaways from the survey: workers have mixed feelings about GDPR and its effectiveness, and those reactions vary greatly based on where they live, how old they, what they do for a living and the size of their employer.
People still don’t feel protected
When asked whether respondents felt their data was more protected one year after GDPR enforcement, just 39% of respondents said yes. Another 34% believed it is the same, 20% are unsure and 6% felt less protected.
There is a clear disconnect between companies attempting to comply with GDPR and the end-users whose data the regulation was created to protect. This breakdown becomes even more striking when you consider the regional and demographic perspectives.
Surprisingly, 48% of employees in Asia Pacific reported their data is more secure compared to one year ago. While 40% of Europeans shared that sentiment, nearly as many felt nothing had changed. Respondents from the United States were the most skeptical, with only 30% saying their data was more secure.
The results from US respondents are likely impacted by the lack of federal data protection regulations. While many global organizations have applied the same compliance standards to all consumers, and progress has been made on state-level regulations like the California Consumer Privacy Act (CCPA), the US still lags behind Europe and countries like Australia in consumer data protection.
When it comes to generational divides, millennials are more likely to feel their data is protected (44%) compared to baby boomers (21%). Yet when it came to employee roles, the majority of management-level employees said they believe their data is more secure (55% of vice presidents and C-levels, 52% of directors and 47% of managers), while far fewer independent contributors feel their data security has improved (26% of specialists, 27% of entry-level employees and 29% of associates).
Policies and pop-ups are on the radar
Globally, 57% of employees noticed stricter technology and data policies at work following GDPR. When broken down by region, more than 70% of Europeans and 61% of Asia Pacific workers were aware of stricter policies, followed by just 40% of Americans.
From a company size perspective, workers at mid-sized businesses with 100 to 1000 employees were most likely to have been impacted by GDPR, with 65% responding that they noticed stricter policies over the past year.
Pop-ups and opt-in messages have become more common as companies focus on GDPR compliance. Around 32% of those surveyed are annoyed by these requests, while 19% believe they negatively impact their productivity.
Mixed impact on tech regulation sentiment
When first introduced, GDPR was a sweeping regulation that instantly garnered calls for additional data protection legislation in other countries. As higher profile data breaches and viral fake news become an almost common occurrence, there is continued debate about the need to better regulate technology companies.
When global respondents were asked about this topic, 74% of workers said that the technology industry does need more regulation. On a regional level, 83% of workers in Asia Pacific, 72% in the United States and 68% in Europe agreed that the industry needs additional regulations.
Younger workers were generally more emotional than older workers in response to the current state of technology regulations, feeling hopeful (32%) and safe (29%) yet vulnerable (24%). Only 15% of millennials reported not having strong feeling about technology regulations, in stark contrast to the 36% of boomers who don’t care about them. The second most common response from older workers is that they feel vulnerable (21%).
In terms of employee role, vice presidents and C-level executives generally felt more hopeful (45%) and safe (36%) in regard to the current state of technology regulations. Specialists were most likely to feel vulnerable (28%), interns were most likely to feel worried (24%) and entry-level workers were most likely to report not having strong feeling about technology regulations (29%).
Enforcement in the future
We may be one year into GDPR, but data protection still has a long way to go. GDPR’s impact on workers provides an important window into the need for more transparency, education and communication around tech regulations. However the recent report that European officials believe larger fines are forthcoming does indicate that enforcement will increase over the course of the next year.
As consumers’ relationship to technology continues to evolve, it is also important for companies to consider whether the resources required to gain compliance are being properly invested, and if they should expect ongoing data protection and privacy regulations to be introduced sooner than anticipated.
To learn more about how technology intelligence is vital to compliance, check out our guide to the secret weapon in your GDPR toolkit.