50 Shocking GDPR Statistics You Should Know About (2023 Version)

What is the GDPR?

The General Data Protection Regulation (GDPR) is a European Union regulation established to protect data. This applies to data processing done by organizations and companies in the EU. It also applies to organizations and companies processing data of European citizens. The GDPR is based on 7 principles, namely:

1. Lawfulness, fairness, and transparency.
2. Integrity and confidentiality
3. Accuracy
4. Purpose limitation
5. Storage limitation
6. Data minimization
7. Accountability

50 GDPR Statistics That Show the Importance of Data Protection & Compliance

While GDPR is largely an EU regulation, it has global implications. Here's a list of GDPR statistics and facts that show how consumers value data privacy and why the GDPR is to be taken seriously: 

1. According to the 2019 Cisco Data Privacy benchmark study, 59% of respondents stated that their organizations meet all GDPR standards. 
   
   
2. This same 2019 study also explained that 29% of organizations hoped to be ready in less than a year. (Cisco Data Privacy benchmark study 2019)
   
   
3. Only 9% of the organizations admitted that it would take over a year to be GDPR-compliant. (Cisco Data Privacy benchmark study 2019)
   
   
4. However, 3% of the organizations did not think GDPR applied to them. (Cisco Data Privacy benchmark study 2019)
   
   
5. 47% of respondents are more likely to trust companies that follow GDPR guidelines when using their personal data. (Cisco Data Privacy benchmark study 2019)
   
   
6. 93% of American decision-makers claimed to have taken some steps to meet GDPR standards. (Egress Survey)
   
   
7. According to a 2019 Egress Survey, 58% of organizations found an overlap between the CCPA (California Consumer Protection Act) and GDPR compliance. (Egress Survey)
   
   
8. While many believe that consent to use personal data is an essential part of GDPR, only 50% of organizations have given attention to their methods of obtaining consent. (Egress Survey)
   
   
9. As a result of GDPR, 52% of consumers feel they have more control over their data and how it is used. (Cisco Data Privacy benchmark study 2019)
   
   
10. However, 47% of respondents admitted they receive too many privacy-related notifications due to GDPR regulations. (Cisco Data Privacy benchmark study 2019)
    
    
11. Yet 59% of people agreed they could practice their data protection rights better because of GDPR. (Cisco Data Privacy benchmark study 2019)
    
    
12. GDPR-ready companies experienced lower data breach costs. 37% of these companies lost more than $500,000 in 2019. (Cisco Data Privacy benchmark study 2019)
    
    
13. However, 64% of companies that were not GDPR-ready lost over $500,000 in 2019. (Cisco Data Privacy benchmark study 2019)
    
    
14. When it comes to social media platforms, Facebook has ownership of 80% of the market share in the EU. (ResearchGate)
    
    
15. Regarding search engines, Google owns a whopping 90% of the market share. (ResearchGate)
    
    
16. According to the UN, 71% of countries have data privacy regulations in place to protect citizens. 
    
    
17. 9% of countries have draft laws. (UN)
    
    
18. Only 15% of countries are without data protection regulations, showing the global impact of the GDPR. (UN)
    
    
19. At least 20 non-EU countries have enacted regulations and laws like the GDPR. (Reed Smith)
    
    
20. 60% of consumers aware of GDPR and other data protection acts see the benefits of these regulations. (Cisco Data Privacy benchmark study 2019)
    
    
21. 71% of respondents feel that their companies and organizations can do more to strengthen privacy policies. (2022 Global Privacy Benchmarks Report)
    
    
22. 62% of UK citizens feel more at ease about sharing their data as a result of GDPR. (Persona)
    
    
23. 66% of American citizens are eager for the U.S. to establish data protection laws like the GDPR. (Persona)
    
    
24. 32% of American companies recently appointed data protection officers. (Persona)
    
    
25. 27% of U.S. companies spent over $500,000 to reach GDPR requirements. (Persona)
    
    
26. When choosing a product or vendor in their supply chain, 82% of companies consider various privacy certifications before making their purchase. (Cisco Data Privacy benchmark study 2019)
    
    
27. 25% of consumers have submitted DSAR (Data Subject Access Request) to find out what companies have stored or collected about them. (Cisco Data Privacy benchmark study 2019)
    
    
28. 17% of these users have requested that certain information get removed or changed. (Cisco Data Privacy benchmark study 2019)
    
    
29. According to the Cisco Data Privacy benchmark study in 2019, India had the highest percentage (49%) of its respondents who request information about their data.
    
    
30. According to a survey, 80% of people in the USA did not feel in control of their personal data and were concerned about how organizations and companies were using it. (Pew Research Center) 
    
    
31. After the Facebook and Cambridge Analytica survey in 2018 that violated privacy policies, 73% of consumers have expressed growing concern about how their information is used online. 
    
    
32. 86% of consumers are more aware of how brands target them since the Cambridge Analytica survey. (Slick Text)
    
    
33. Over 50% of consumers unsubscribed to email newsletters as a result of the Cambridge Analytica survey. (Slick Text)
    
    
34. Over 66% of consumers have said they would stop supporting a company if their data was breached or shared without permission. (Adobe)
    
    
35. The EU’s GDPR is said to be the most demanding data privacy legislation around the globe with 67% of EU citizens aware of GDPR. (EU) 
    
    
36. 61% of countries (excluding EU countries) have data protection regulations in place, but they are not as strict as the EU’s GDPR. (DLA Piper)
    
    
37. About 1,000 non-EU websites decided to block EU users instead of trying to be GDPR-compliant. (Fortune)
    
    
38. According to the 2018 IAPP-EY Annual Privacy Governance Report, many businesses agreed that the right to be forgotten was one of the biggest challenges of adhering to GDPR requirements. 
    
    
39. 75% of businesses agreed that it was increasingly difficult to gain the trust of their consumers after the 2020 pandemic since it increased data privacy concerns. (Adobe)
    
    
40. 38% of people aware of GDPR were not in favor of its regulations. (Cisco Data Privacy benchmark study 2019)
    
    
41. On the other hand, only 24% of respondents who were unaware of GDPR were not comfortable with its regulations. (Cisco Data Privacy benchmark study 2019)
    
    
42. 73% of consumers feel that it is of no benefit to them when businesses or brands collect their data. (Adobe)
    
    
43. 52% of EU organizations and companies have notified the authorities of a breach in data security due to the demanding GDPR regulations. (Pew Research Center)
    
    
44. However, only 22% of U.S-based companies notified the authorities when there was a data breach. (Pew Research Center)
    
    
45. During 2019, there were 278 data breach notifications per day. (DLA Piper)
    
    
46. 87% of EU citizens agree that cybercrime is a crucial problem. (EU Agency for fundamental rights: Fundamental Rights Report 2019)
    
    
47. 79% of adult consumers were very concerned over how companies use their data. (Pew Research Center)
    
    
48. While 64% of consumers stated they were concerned about how government organizations use their data. (Pew Research Center)
    
    
49. 84% of consumers are more likely to be loyal to a company if they have strong data security controls. (Salesforce Research)
    
    
50. 42% of companies showed that privacy investments benefited their companies. (Cisco Data Privacy benchmark study 2019)
    

👉 Want more GDPR statistics? Check out our list of the biggest GDPR fines