GDPR's First-Year Impact by the Numbers
The latest statistics on GDPR spending, compliance rates, enforcement, and consumer attitudes on privacy protection.
May 31, 2019
It has been a year since the EU General Data Protection Regulation (GDPR) compliance deadline kicked in, and in that time the landmark privacy and cybersecurity regulatory rules have made waves worldwide among enterprises with European connections. GDPR has raised the bar for privacy and security awareness at the board level, as well as assured continued increases in security and compliance spending at most large organizations in the coming years.
Of course, the efficacy of the regulation still remains a point of contention. Consumer surveys show that many European citizens are still skeptical about the benefits they've received from GDPR protections so far, and enterprise surveys show that compliance is still a work in progress.
Here are some of the latest statistics that offer up signposts of where we are with GDPR at the one-year anniversary.
Even with all of the money being spent and the people-hours dedicated to GDPR worldwide, a year later the needle on compliance and privacy progress hasn't moved much at many organizations. For example, one survey by Talend found that 70% of companies can't comply with the level of data access offered to their consumers in GDPR-mandated privacy policies. And a survey conducted by Thomson Reuters found that 48% of organizations worldwide are failing to meet GDPR requirements.
Meanwhile, a study released this week by ImmuniWeb researchers found that even compliance with GDPR's simpler website privacy and security requirements is spotty among the 100 most visited websites in Europe. For example, over half of these sites had missing or hard-to-find privacy policies, and almost eight in 10 had insecure usage of cookies that were handling potentially sensitive data.
Even though there's clearly still more work to do, the good news is that the number of data protection officers (DPOs) at organizations has grown with GDPR's mandates. According to IAPP figures from this month, approximately 376,306 organizations have registered DPOs so far in 12 of 28 EU member states, leading the industry group to extrapolate an estimate of 500,000 total DPO registrations across Europe.
The group reports a "spike in remuneration" for all privacy professionals in the past year. Registered DPOs are frequently chief privacy officers, for which IAPP reports an average salary of $220,000. However, not all DPOs are cut from that cloth, and the average salary for these privacy decision makers is a much more modest $88,000. This delta indicates that many junior-level DPOs may still need more training and experience to elevate their position and standing within their organizations to make an impact.
"Just appointing a DPO isn't enough," says IAPP CEO Trevor Hughes. "Organizations must ensure that DPOs are trained and qualified to address one of the defining tech policy issues of our time: protecting privacy and individuals' data."
Meanwhile, among the consumers that GDPR is meant to protect, awareness of its increased privacy protections is growing significantly. The EDPB reports that the percentage of EU citizens who have heard of a public authority in their country responsible for protecting data privacy rights has increased by 20 percentage points in the past four years, with 67% of EU citizens reporting they've at least heard of GDPR.
At the same time, many of these European citizens are still cynical about GDPR's benefits. A report by TrustArc and Ipsos shows that fewer than half of UK citizens have exercised GDPR rights, such as opting out of cookie installs or restricting company use of personal data. And only about 36% say they trust companies more with their personal data since GDPR came into effect a year ago. In addition, an even broader survey by Ogury found that across more than 280,000 global consumers, 55% say that since the data transparency provisions of GDPR were passed, they still don't have a better understanding of how companies use their data.