Since its inception in 1991, the World Wide Web – or the internet – has grown immeasurably, with its capabilities exceeding the expectations of anyone who witnessed its implementation only 30 years ago. Now, it’s hard to think of a world without it; where would we be without unlimited knowledge at the touch of a button, the ability to maintain friendships with people halfway across the world or cat videos?Of course, the internet isn’t always a positive place. As the popularity of the online world grew, there also became an increased risk, particularly to our identities and our money. In 1998, to combat the mismanagement of data both online and offline, Parliament passed the Data Protection Act. Compiled of eight different principles, from fair and lawful processing to disallowing data transfers from outside of the EU, this law aimed to help reduce the risk of data mismanagement and data breaches, while holding the power to fine and prosecute those who didn’t comply. In January 2012, the European Commission wanted to take these laws one step further. As we began to enter a digital-first age, where the online world began to blend seamlessly with our daily lives, questions around whether the Data Protection Act of 1998 was robust enough to protect EU citizens. On May 25th, 2018, the General Data Protection Regulation (GDPR) was introduced. Not only did this new law enforce tougher rules around data protection, including the protection of genetic data and biometrics, but it made business data collection far more transparent. For the first time, internet users were able to see exactly how and why their data was being used, and they were given the autonomy to opt-out of giving away sensitive data. Additionally, consumers now have the right to request ‘to be forgotten’, with all stored data being wiped from a business’ database with the click of a button. As we edge closer to the three-year anniversary of the implementation of GDPR, we look at how the new laws have impacted both consumers and businesses, for better and for worse. Consumer trustBoth sides of the coin tell a very different story when it comes to consumer trust and GDPR. The general consensus amongst businesses across the EU is that GDPR has greatly improved consumer trust, with 73 per cent reporting that the regulations have notably improved data security. Unfortunately, this sentiment isn’t shared by consumers. 84 per cent feel that GDPR hasn’t been taken seriously by businesses, and the level of security they feel when giving data to certain sectors varies hugely. While financial services, such as banks, have gained nearly half of consumers’ trust, hospitality, for example, are lagging behind with not even a quarter of consumers happy with the level of security. But, looking at data breaches that have occurred since the implementation of GDPR, this level of dissatisfaction and worry from consumers comes as no surprise. From 280 million Microsoft users’ data being left unprotected to over a million of Mashable’s staff and consumer data being leaked by hackers, GDPR hasn’t necessarily solved the problems it was set out to manage, and consumers are concerned. Consumer controlDespite the worry of continued breaches and hacks, consumers do feel however that GDPR has improved the control they have over their own data. From being able to opt-in instead of having to opt-out, to having greater choice over the information given away through cookies, consumers feel much happier to be able to walk away from the brands they don’t trust and/or have no interest in. Education around Data privacy GDPR, since its inception, has been something that has eluded many. Filled with jargon and lacking much in the way of accessible educational assets, consumers – while aware of their data concerns – are still unsure of how to protect themselves against hacks or breaches. For example, only 14 per cent of internet users encrypt private conversations and only a third change their passwords regularly. While GDPR has undoubtedly been a positive step forward for businesses and consumers alike, it is clear there is room for great improvement. It is expected that as the world continues to evolve into a digital-first society, especially post-COVID as many of us move online for good in our working lives, and the need for much-improved data security becomes paramount, GDPR laws and business compliance will need to continue to evolve and improve and fast. If you’re looking for your next opportunity, or to build out your Data & Analytics team, we can help. Take a look at our latest opportunities or get in touch with one of our expert consultants to find out more.