Report: 6 in 10 US-based Employees Unaware of GDPR

A lack of GDPR awareness among U.S. employees is just one key statistic found in MediaPro's 2018 Eye on Privacy report analyzing data privacy knowledge.

With just five months remaining until the EU’s General Data Protection Regulation (GDPR) goes into effect, new research from MediaPro shows more than half of US-based employees have never heard of the forthcoming regulation.

With 54 percent of U.S. companies citing GDPR readiness as a top priority, this lack of understanding among the average U.S. employee could prove costly. Fines for GDPR non-compliance could total up to 4 percent of an organization’s annual global turnover or $27 million U.S. dollars, whichever is greater. The GDPR, which any organization worldwide must comply with if it handles the personal data of EU citizens, goes into effect May 25 this year.

This data on GDPR awareness comes from MediaPro’s 2018 Eye on Privacy Report, a survey of more than 1,000 U.S. residents testing their knowledge on data privacy best practices and both global and national privacy regulations. Topics included when to report potential privacy incidents, what qualifies as sensitive data, and how often they grant access to third-party applications on phones or mobile devices.
Additional findings of the report include:

  • 59 percent of respondents said the GDPR was “completely new” to them
  • 8 percent of respondents said they were unsure if they should report a cybercriminal stealing sensitive client data while at work
  • Finance sector employees did not consider tax information any more sensitive than did respondents from the six other industries included in the survey, including education and healthcare
  • Respondents in the technology sector demonstrated the least ability to correctly identify scenarios that could put private data at risk, such as reportable privacy incidents

“With these survey results and the surprisingly low levels of privacy and security awareness found in our recent 2017 State of Privacy and Security Awareness Report, companies need to take these topics more seriously leading into 2018,” said Steve Conrad, MediaPro’s managing director. “The 2018 Eye on Privacy Report shows companies could be doing a better job educating their employees about how to handle sensitive data. It’s time to stop playing with fire when it comes to data privacy – before it’s too late.”

Other concerning results, including the lack of awareness employees have about privacy regulations and handling sensitive data in their personal and professional lives, underscore the need for a culture change around how sensitive data is considered and handled.

“With Data Privacy Day right around the corner and GDPR just months away, now is an ideal time for organizations who haven’t taken data privacy seriously to begin to do so,” said Tom Pendergast, MediaPro’s chief strategist for security, privacy, and compliance. “Data privacy is everyone’s responsibility, and organizations can prepare their employees to protect against threats through year-round privacy awareness training programs that address privacy concerns at the root of employee culture.”

Survey Methodology

MediaPro surveyed 1,007 U.S. residents concerning data privacy best practices and regulations, both national and global, and analyzed the data by age group and industry sector. Every respondent had to be 18 years or older and employed. The survey asked questions in the context of five real-life scenarios that could play out in nearly any corporate office across the country. Each scenario dealt with a different aspect of data privacy knowledge or a privacy best practice. The survey was conducted in October 2017.
