Table of Links
-
Literature Review
3.1 Consumer awareness and knowledge of the regulation
3.2 Consumer awareness and knowledge of the regulator
3.3 Consumer perceptions of privacy
3.4 Business response to Data Protection regulation
3.5 Employee awareness of their employer’s Data Protection regulator
3.6 Employee perception of benefit of the GDPR to their employer
3.7 The research goal is the consumer/employee perception of the GDPR
-
Methods
-
Analysis and Results
5.3 Hypothesis 2: Consumers lack awareness and knowledge about the regulator
5.4 Hypothesis 3: Consumers feel their privacy is better since GDPR was introduced
5.5 Hypothesis 4: Companies have responded to GDPR and made changes
5.6 Hypothesis 5: Employees lack awareness of the GDPR regulator at work
5.7 Hypothesis 6: Employees have seen little benefits to their company from GDPR
-
Discussion and 6.1 High consumer awareness and knowledge of the GDPR
6.2 Respondents lacked a formed opinion and 6.3 GDPR has driven changes
6.4 Perceptions of privacy have improved and 6.5 The profile of the regulator may not matter
-
Conclusion, Funding and Disclosure Statement, and References
5.3 Hypothesis 2: Consumers lack awareness and knowledge about the regulator
We assessed consumer awareness of the UK GDPR regulator by repeating questions from the phase #2 survey. Participants were asked to identify the regulator from five possible answer options. In the survey, 38% correctly guessed the Information Commissioner’s Office (ICO), and 47% did so in the subsequent main study. Follow-up analysis revealed that those who initially chose the ICO remained consistent, while those who initially selected the DPA options wavered. Overall, we found no significant learning effect. Refer to Table 1 for detailed confusion analysis.
This was followed by an open question ‘What is/are the main purpose(s) of the GDPR regulator?’ Table 9 in the appendix shows a topic analysis performed by two researchers using inductive coding to classify the textual responses. The top four purposes were to monitor companies’ compliance, protect data (security), issue fines, and ensure against data misuse.
Approximately 45% of participants reported awareness of companies being fined by the regulator, with no statistically significant correlation found between this awareness and the belief that the regulator should fine companies (Mann-Whitney 𝑈 = 5.5, 𝑝 = 0.82). Interestingly, among those aware of fines, 53% could not recall the identity of the fined companies. Among those who could recall, the top three mentioned were Facebook, British Airways, and Talk Talk (a UK mobile phone operator).
Given less than half could recognise the ICO from a shortlist, we conclude moderate consumer awareness exists regarding the regulator’s identity, with slightly higher awareness of its role and actions.
5.4 Hypothesis 3: Consumers feel their privacy is better since GDPR was introduced
In different parts of the survey, participants responded to three Likert scale statements related to GDPR (Table 3). All of the responses were overwhelmingly positive. No statistically significant relationship was found between these answers and participants’ company size or department.
Authors:
(1) Gerard Buckley, University College London, UK (gerard.buckley.18@ucl.ac.uk);
(2) Tristan Caulfield, University College London, UK (t.caulfield@ucl.ac.uk);
(3) Ingolf Becker, University College London, UK (i.becker@ucl.ac.uk).
This paper is