Did the GDPR improve data security? One year later, professionals question its efficacy.
- A new survey of 3,000 professionals in the U.S., Europe and Asia reveals that just 39% of respondents feel their personal data is more secure under the European Union's data protection and privacy measure.
- As a result of GDPR compliance, 57% of respondents say their businesses have implemented stricter data protection processes to secure customer data.
- 74% of respondents say the tech industry needs more regulations to improve cybersecurity.
More than half of the world's population can connect to the web. As a result, the amount of data that flows freely over the internet – including sensitive personal data – has created a cybersecurity industry that's expected to balloon to $300 billion by 2024. It's also spurred governments to step in to protect users' privacy and data. One such measure was the European Union's General Data Protection Regulation (GDPR).
The GDPR, which went into effect last year, is the EU's wide-net approach to protect its citizens' data and privacy. The law applies to all businesses that deal in EU citizens' customer data, regardless of the company's size, industry or country of origin. As a result, companies with an online presence had to comply with the new rules. But did GDPR regulations actually make people feel more secure?
According to a newly released study from Snow Software, internet users have conflicting feelings about the GDPR rules and their ability to keep sensitive information safe. Of the more than 3,000 professionals from the U.S., Europe and Asia Pacific regions who were surveyed, just 39% of respondents said they felt their personal data was more secure under the GDPR. Furthermore, 34% said they felt the same as they did before the data protection regulation became law, 20% said they were unsure, and 6% said they felt their data was less secure.
"One year since the introduction of GDPR, the regulation has started a global dialogue around how customer data is cared for and, if nothing else, has helped strengthen best practices to ensure data protection," said Alastair Pooley, chief information officer at Snow.
Following GDPR implementation, workers notice changes
As one of the most powerful tools at our disposal, the internet is integral to almost every business. As such, once the GDPR requirements became the de facto global standard, companies around the world changed how they handled their customers' data so they could avoid penalties for noncompliance.
The survey asked people in different professional roles how safe they felt their data was with GDPR rules in effect. Most management-level employees said they felt their data was more secure, with 55% of vice presidents and C-level employees, 52% of directors, and 47% of managers reporting in the positive. Independent contractors, however, felt the opposite, as just 26% of specialists, 27% of entry-level employees and 29% of associates felt their data was more secure.
According to Snow's survey, more than half of respondents (57%) said they witnessed stricter policies at work surrounding the use of technology and customer data after their companies became GDPR compliant. While workers in most regions answered that way, European respondents were the most likely to notice changes, as 70% said the changes were noticeable. In comparison, 61% of Asia Pacific respondents and 40% of American workers said they'd noticed policy changes at work.
Location wasn't the only factor in workplace changes. Of the survey respondents who reported working at a medium-sized business with 100 to 1,000 employees, 65% said they'd noticed policy changes once the GDPR rules went into effect.
Though most workers said they'd noticed changes, Pooley noted that the remainder of people who hadn't felt any changes still made up a large portion of the workforce. Even though the changes may not have been fully grasped by some workers, he said the data protection directive is working.
"Whilst workers themselves may not directly feel this impact yet, the increase in data breach notifications being reported to the UK's Information Commissioner's Office is noteworthy, as it suggests that transparency was seriously lacking prior to enforcement," Pooley said. "There is still a lot to do, but it is clear that considerable steps have been made by organizations worldwide to ensure there are enhanced data protection efforts and improved transparency globally."
How GDPR has changed how people use the internet
Along with its impact on businesses, Snow's research investigated how people were reacting to the data protection law and its effect on their internet use in the last year. What the data found, officials said, was that people were slightly annoyed at the increase of data privacy popups, but still felt more security measures were needed.
According to the survey, 74% of global respondents said they noticed an increase in popups or opt-ins requesting consent for using personal information. Generally, these notices are meant to inform users that their "cookies" are used for analytics, personalized content and potential marketing opportunities.
Since those notices have become a more common occurrence on the internet, 19% of respondents said the requests "negatively impacted their productivity," while 32% said they were increasingly annoyed by them. Approximately 49% of respondents said they either saw an increase or no change in the amount of spam they receive, regardless of the GDPR rules.
"The question that remains to be seen is whether the regulation and the controls implemented in its name will be strong enough to stand up to the rising tide of threats we face in the years ahead," said Pooley.
Even though the GDPR data privacy laws have caused some annoyance, 74% of respondents said they felt the tech industry needed more regulations put in place. When considering the current state of tech regulation, 24% of respondents said they felt vulnerable, 19% said they were worried, and 29% said they were hopeful.