To mark the GDPR’s one-year anniversary, the European Commission recently published the results of two surveys meant to illuminate the public’s awareness of the GDPR and its practical applications.

Special Eurobarometer 487a – GDPR Report

The first survey, the special Eurobarometer 487a (the “Eurobarometer”), was meant to elucidate the public’s awareness of the GDPR, as well as the public’s practical experiences and opinions of data protection issues more generally.

The Eurobarometer focused on respondents’:

  • use of the Internet and activity on online social networks and shopping platforms;
  • awareness of the GDPR, individuals’ rights under it and the national supervisory authority in charge of enforcing the GDPR;
  • perceived control over personal data provided;
  • level of apprehension they experience as a result of not feeling fully in control of their data;
  • reactions to the information they receive regarding how their personal data is collected and used (including the potential further use) of their personal data;
  • attitudes vis-à-vis privacy notices, the percentage of respondents who read online privacy notices and the reasons for not (fully) reading them; and
  • use of privacy settings and reasons for not changing the default settings.

Access the full report with the results of the Eurobarometer.

GDPR Multistakeholder Expert Group Report

The European Commission also published the Contribution from the Multistakeholder Expert to the Stock-Taking Exercise of June 2019 on One Year of GDPR Application (the “Report”). The Report was compiled by the GDPR Multistakeholder Expert Group (the “Group”), a committee of academics, legal practitioners and representatives of business and civil society organizations that supports the European Commission connection with the GDPR’s application.

The Report reflects the GDPR Multistakeholder Expert Group members’ feedback on certain aspects of the GDPR, including:

  • the impact of the GDPR on the exercise of data subjects’ rights;
  • the challenges related to the new conditions for valid consent;
  • the number of complaints and legal actions introduced since the application of the GDPR;
  • experiences with Data Protection Authorities and the one-stop-shop mechanism;
  • feedback on the implementation of the accountability principle and the risk-based approach;
  • interactions with Data Protection Officers;
  • feedback on the controller/processor relationship;
  • the need to adapt/further develop Standard Contractual Clauses for international transfers; and
  • GDPR implementation in national legislation at the Member State level.

For more information, please find the complete Report.