This statistic shows the views as to whether general data protection regulation (GDPR) has been a good thing for European consumers. ** percent of the respondents agreed that GDPR has been a good thing for European consumers. This statistic addresses one of the biggest myths in the European tech ecosystem.

Abstract

The General Data Protection Regulation (GDPR) stands as one of the most significant legal frameworks for data protection and privacy in recent years. Enforced by the European Union (EU) since May 2018, the GDPR has garnered global attention due to its wide-reaching impact on businesses, organizations, and individuals, transcending geographical boundaries. While initially conceived to safeguard the data rights of EU citizens, its influence extends far beyond EU member states… See the full description on the dataset page: https://huggingface.co/datasets/AndreaSimeri/GDPR.

Between 2018 and 2022, there has been a significant increase in the level of awareness around the General Data Protection Regulation (GDPR) among European users. In 2018, when the GDPR was first applied, the United Kingdom had the highest level of awareness, with 32 percent of respondents agreeing or strongly agreeing with the statement: "I am aware of the new General Data Protection Regulation (GDPR) that will be introduced in May 2018". In 2022, the share of UK respondents agreeing with the statement increased to 73 percent. France had the lowest level of awareness in 2018, 20 percent, whereas in 2022 it reached 47 percent but remained the lowest among other European markets.

This graph shows the results of a survey about the future GDPR impact on M&A due diligence in 2018, by region. In the EMEA area, ** percent of European professionals involved in M&A transactions believed that by 2022 the General Data Protection regulation will increase acquirers’ scrutiny of the data protection policies and processes of target companies.

Introduction

GDPR Statistics: ​In 2024, enforcement of the General Data Protection Regulation (GDPR) intensified across Europe, resulting in significant financial penalties for non-compliance. The Irish Data Protection Commission (DPC) imposed a €310 million fine on LinkedIn for processing personal data without a proper legal basis.

Similarly, Uber faced a €290 million penalty from the Dutch Data Protection Authority for unlawfully transferring European drivers' personal data to the United States. Meta Platforms Ireland Limited was fined €251 million by the Irish DPC due to a 2018 data breach affecting millions of user accounts. Collectively, GDPR fines in 2024 totaled approximately €1.2 billion, marking a 33% decrease from the previous year.

Since the regulation's inception in 2018, cumulative fines have reached €5.88 billion. These figures underscore the ongoing commitment of European authorities to uphold data privacy standards and the substantial financial risks organizations face for non-compliance.

Exploiting the timing and territorial scope of the European Union’s General Data Protection Regulation (GDPR), this paper examines how privacy regulation shaped the financial performance of companies across 31 countries and 22 industries. Con- trolling for firm and country-industry-year unobserved characteristics, we compare the outcomes of firms at different levels of exposure to EU markets, before and af- ter the enforcement of the GDPR in 2018. We find that enhanced data protection had the unintended consequence of harming the profitability of companies targeting European consumers, primarily through the cost channel. Digital technology firms exposed to the regulation experienced a 2.1% decline in profits, but not in sales. We bolster these findings by showing that the GDPR increased extra expenses, added to firms wage bills, and accelerated patenting in GDPR-related technology fields.

Since the enforcement of the General Data Protection Regulation (GDPR) in May 2018, fines have been issued for several types of violations. As of February 2025, the most significant share of penalties was due to companies' non-compliance with general data processing principles. This violation has led to over 2.4 billion euros worth of fines.

Contracts concluded between the Controller and the Processor pursuant to Act No. 18/2018 Coll. and General Data Protection Regulation — GDPR

Since the entry into force of the General Data Protection Regulation (GDPR), on 25 May 2018, only digital processing of the most sensitive personal data must be subject to prior formalities with the CNIL.

These formalities may take the form of simplified declarations (declarations of conformity with a reference framework proposed by the CNIL), requests for an opinion (for the sovereign activities of the State) or applications for authorisation (in the field of health). To find out more: cnil.fr.

In accordance with the amended Data Protection Act (Article 36), the CNIL keeps available to the public the list of these formalities in an open and easily reusable format, known as “List article 36”.

** Warnings:**

1/The published data are the result of the prior formalities completed, since May 25, 2018, by the controllers of personal data processing at the CNIL, via its dedicated teleservices. The CNIL cannot be held responsible for their content.

2/The processing carried out on behalf of the State may not appear in the dataset, the formalities having been completed in the form of requests for an opinion on a draft regulatory act (decree or decree) not submitted via the teleservices mentioned. The information relating to these treatments is available on Legifrance, the opinion of the CNIL being published with the act authorising the treatment (to access the deliberations of the CNIL: https://www.legifrance.gouv.fr/initRechExpCnil.do). In addition, some important treatments are subject to fiches on the CNIL website.

3/Exceptionally exempted from the publication of the regulatory act authorising them (decree or decree) are not included in the published data set, in accordance with article 36 of the amended Data Protection Act. The treatments referred to in Article 30 I and II may be exempted, by decree in the Council of State, from the publication of the regulatory act which authorises them. These treatments are mentioned in Decree n°2007-914 of 15 May 2007.

There is no description available for this dataset.

The goal of this study was to measure the attitudes towards data sharing and data-collecting organizations before and after the introduction of the EU General Data Protection regulations (GDPR) among people in Germany. The data come from a three-wave split-panel web survey among people 18 years and older in Germany who were recruited from a German nonprobability online panel. In April 2018 (before the GDPR came into effect), 2,095 participants completed the Wave 1 questionnaire on device ownership, social media use, trust in different data collecting organizations, willingness to share data, general trust, awareness of and knowledge about the GDPR, and privacy concerns. In July and in October 2018 (after the GDPR came into effect), respondents from the earlier waves were invited to participate in a second and a third web survey that repeated most of the questions from the first wave. In addition to participants from the earlier waves, fresh respondents were also invited to Waves 2 and 3. A total of 2,046 (Wave 2) and 2,117 (Wave 3) respondents completed the questionnaire in the subsequent waves. 1,269 participated in all three waves.

Topics:

Wave 1

Possession of smartphone, mobile phone, PC, tablet and/or e-book reader; social media use: account with user name and password at selected providers (Google, Facebook, Twitter, LinkedIn, Xing); trust in institutions (Google, Facebook, Bundesamt für Statistik, Universitätsforscher) with regard to the protection of personal data and reasons for this assessment; probability scale with regard to the protection of personal data at the above-mentioned institutions and reasons for this assessment; agreement with the import of personal data of the social insurance institutions to the survey data; general personal trust; awareness of the EU General Data Protection regulations (GDPR) ; knowledge test: goals of the GDPR (open); feeling of invaded privacy by the following institutions: Google, Facebook, government agencies, university researchers; general privacy concerns.

Wave 2

Possession of smartphone, mobile phone, PC, tablet and/or e-book reader; social media use: account with user name and password with selected providers (Google, Facebook, Twitter, LinkedIn, Xing); trust in institutions (Google, Facebook, Federal Statistical Office, university researchers) with regard to the protection of personal data; general personal trust; awareness of the EU General Data Protection regulations (GDPR); knowledge test: goals of the GDPR (open); consent to the storage of various personal data by Facebook or Google (name, e-mail address, home address, date of birth, telephone number, income, marital status, number of children, current location, Internet browser history, account names from other social media and data received from third parties); feeling of invasion of privacy by the following institutions: Google, Facebook, government agencies, university researchers; general privacy concerns.

Wave 3

Possession of smartphone, mobile phone, PC, tablet and/or e-book reader; social media use: account with user name and password at selected providers (Google, Facebook, Twitter, LinkedIn, Xing); trust in institutions (Google, Facebook, Federal Statistical Office, university researchers) with regard to the protection of personal data; general personal trust; awareness of the EU General Data Protection regulations (GDPR); knowledge test: goals of the GDPR (open); concerns about privacy in general; comprehensibility of excerpts of the contents of the EU General Data Protection regulations (GDPR) (resp. on passenger rights in the event of denied boarding and flight delays); estimated popularity of smartphones (proportion of smartphone owners per 100 adult Germans); repetition of the question on trust data collecting organisations (Google, Facebook) with regard to the protection of personal data and general personal trust; readiness for data exchange by Google (or Facebook or the Federal Statistical Office) for research purposes (or for commercial purposes).

Demography: sex; age (year of birth); federal state; school education; professional qualification.

Additionally coded was: running number; respondent ID; experimental groups GDPR Info; duration (reaction time in seconds); used device type to complete the questionnaire.

The questionnaire also included two experiments, one on the effect of GDPR-related information on trust in data collecting organisations and one on the comfort of data shar...

This chart depicts the share of most popular websites with privacy policies before and after GDPR in the European Union 2018, by country. Because of the GDPR regulation, the share of websites with privacy policies was higher in October 2018 than it was in December 2017. The country with the greatest difference was Latvia with 15.7 percentage points.

A Data Protection Impact Assessment (DPIA) is one of the ways to find out what privacy risks people face when information is collected, used, stored, or shared about them. This helps the London Borough of Barnet find issues so that risks can be taken away or lowered to a level that is acceptable. It also cuts down on privacy breaches and complaints that could hurt the Council's reputation or lead to action by the Information Commissioner (the government watchdog). The London Borough of Barnet makes DPIAs public in with its Data Charter and the 2018 Data Protection Act and UK GDPR.

The statistic illustrates the result of a survey with regard to the main issues faced by Italian companies while complying the GDPR (General data protection Regulation) in Italy in 2018. By farm the biggest issue was the difficult in mapping the data, opinion shared by more than half of the companies interviewed. The scarce awareness of the employees was the second problem, while the poor sponsorship of the management came third.

Prior to the entry into force of the General Data Protection Regulation (GDPR) on 25 May 2018, the Data Protection Correspondent (CIL) was responsible for ensuring compliance with the Data Protection Act within the company, group, association or administration that had designated it.

This designation was optional.

The CNIL publishes the list of private and public bodies that wished to engage in a compliance process by designating a CIL prior to the establishment, by the GDPR, of the DPO.

Since the EU's implementation of the General Data Protection Regulation (GDPR) in May 2018, numerous fines have been issued for violations or non-compliance. Of these, the fine of 1.2 billion euros received by Meta Platforms, Inc. in May 2023 has been by far the greatest. The company was issued such a penalty for personal data transfers to the United States without sufficiently complying with the EU regulation.

The questionnaire has eight items looking at knowledge of GDPR and current practices of data protection. It was developed using the Survey Monkey platform and posted in Greek nutrition and dietetics groups on Facebook. Data were collected between 5th and 10th May 2018. Language used is Greek.

Results were presented on May 11th 2018 at the 12th Macedonian Congress of Nutrition and Dietetics as part of a roundtable to discuss the future of the dietetics profession in Greece.

The General Data Protection Regulation (GDPR) Solutions market has emerged as a crucial segment in the realm of data privacy and protection, particularly as organizations across the globe strive to comply with stringent European Union regulations. The GDPR, implemented in 2018, set a high standard for data privacy,

The GDPR Assessment Tools market has emerged as a crucial component of the data privacy landscape since the General Data Protection Regulation (GDPR) came into effect in May 2018. These specialized tools are designed to assist businesses in assessing and ensuring their compliance with GDPR requirements, thereby faci

The GDPR Services market has witnessed significant growth and transformation since the enforcement of the General Data Protection Regulation (GDPR) in May 2018. With organizations increasingly prioritizing data privacy and compliance, this market plays a crucial role in helping businesses navigate the complexities o