In addition to data protection, the EU’s General Data Protection Regulation (GDPR) requires businesses to ensure consumers can exercise their data privacy rights. But first, individuals must know these rights.
In our 2019 GDPR Small Business Survey, we asked European small business leaders how well they understood their obligations under the GDPR. The results were mixed. While many businesses invested heavily in complying with the GDPR, others seemed not to care. Around half were reported not GDPR compliant on two major aspects of the law.
The survey was a comprehensive look at whether organizations understood how to comply with the GDPR. And it made us wonder about the other side of the GDPR, the people it is intended to benefit: consumers.
The objective of the GDPR was to give individuals more control over their personal data, and it goes about doing this by requiring data protection (ensuring businesses keep data secure) and data privacy (ensuring people can exercise their right to privacy). If companies work hard to be GDPR compliant for the benefit of their current and potential customers, do the consumers know enough about the GDPR to recognize those compliance efforts? How well do they know their GDPR data privacy rights?