Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

GDPR: Is it worth it? Perceptions of workers who have experienced its implementation

Gerard Buckley, Tristan Caulfield, Ingolf Becker

TL;DR

This study probes whether GDPR is worth it from a dual consumer–employee perspective by surveying UK workers who experienced GDPR in and out of the workplace. Using a three-phase design (phase 2: N=273; phase 3: N=102), it finds high consumer awareness of GDPR, moderate regulator recognition, and strong perceived improvements in personal data privacy, alongside observed organizational changes and positive views of GDPR for employers. A regression centered on the notion that privacy improvement drives overall worth achieves $R^2=0.687$, highlighting privacy gains as a key mediator of perceived value. The findings suggest policymakers can leverage public support by emphasizing tangible privacy benefits and fence-sitting concerns, while maintaining credible enforcement signals. Overall, the evidence indicates GDPR is valued by informed workers despite costs and complexity, offering practical guidance for future regulatory design.

Abstract

The General Data Protection Regulation (GDPR) remains the gold standard in privacy and security regulation. We investigate how the cost and effort required to implement GDPR is viewed by workers who have also experienced the regulations' benefits as citizens: is it worth it? In a multi-stage study, we survey N = 273 & 102 individuals who remained working in the same companies before, during, and after the implementation of GDPR. The survey finds that participants recognise their rights when prompted but know little about their regulator. They have observed concrete changes to data practices in their workplaces and appreciate the trade-offs. They take comfort that their personal data is handled as carefully as their employers' client data. The very people who comply with and execute the GDPR consider it to be positive for their company, positive for privacy and not a pointless, bureaucratic regulation. This is rare as it contradicts the conventional negative narrative about regulation. Policymakers may wish to build upon this public support while it lasts and consider early feedback from a similar dual professional-consumer group as the GDPR evolves.

GDPR: Is it worth it? Perceptions of workers who have experienced its implementation

TL;DR

This study probes whether GDPR is worth it from a dual consumer–employee perspective by surveying UK workers who experienced GDPR in and out of the workplace. Using a three-phase design (phase 2: N=273; phase 3: N=102), it finds high consumer awareness of GDPR, moderate regulator recognition, and strong perceived improvements in personal data privacy, alongside observed organizational changes and positive views of GDPR for employers. A regression centered on the notion that privacy improvement drives overall worth achieves , highlighting privacy gains as a key mediator of perceived value. The findings suggest policymakers can leverage public support by emphasizing tangible privacy benefits and fence-sitting concerns, while maintaining credible enforcement signals. Overall, the evidence indicates GDPR is valued by informed workers despite costs and complexity, offering practical guidance for future regulatory design.

Abstract

The General Data Protection Regulation (GDPR) remains the gold standard in privacy and security regulation. We investigate how the cost and effort required to implement GDPR is viewed by workers who have also experienced the regulations' benefits as citizens: is it worth it? In a multi-stage study, we survey N = 273 & 102 individuals who remained working in the same companies before, during, and after the implementation of GDPR. The survey finds that participants recognise their rights when prompted but know little about their regulator. They have observed concrete changes to data practices in their workplaces and appreciate the trade-offs. They take comfort that their personal data is handled as carefully as their employers' client data. The very people who comply with and execute the GDPR consider it to be positive for their company, positive for privacy and not a pointless, bureaucratic regulation. This is rare as it contradicts the conventional negative narrative about regulation. Policymakers may wish to build upon this public support while it lasts and consider early feedback from a similar dual professional-consumer group as the GDPR evolves.
Paper Structure (38 sections, 6 figures, 13 tables)

This paper contains 38 sections, 6 figures, 13 tables.

Table of Contents

  1. Introduction
  2. Background to the GDPR
  3. Literature review
  4. Consumer awareness and knowledge of the regulation
  5. Consumer awareness and knowledge of the regulator
  6. Consumer perceptions of privacy
  7. Business response to Data Protection regulation
  8. Employee awareness of their employer's Data Protection regulator
  9. Employee perception of benefit of the GDPR to their employer
  10. The research goal is the consumer/employee perception of the GDPR
  11. Summary
  12. Methods
  13. Design
  14. Data Analysis
  15. Ethical considerations
  16. ...and 23 more sections

Figures (6)

  • Figure 1: Violin plot of participants self-evaluated knowledge of GDPR consumer rights.
  • Figure 2: Violin plot showing the percentage of questions correctly answered about consumer rights.
  • Figure 3: Distribution of answers to 'How well do you know what your company has to do in order to comply with GDPR?' on a scale of 0--100.
  • Figure 4: Average observed change in the company due to GDPR.
  • Figure 5: Average absolute difference between Likert responses between the pilot and main study for questions relating to observed changes due to the GDPR.
  • ...and 1 more figures