Table of Links Abstract and 1. Introduction Abstract and 1. Introduction Background to the GDPR Literature Review 3.1 Consumer awareness and knowledge of the regulation 3.2 Consumer awareness and knowledge of the regulator 3.3 Consumer perceptions of privacy 3.4 Business response to Data Protection regulation 3.5 Employee awareness of their employer’s Data Protection regulator 3.6 Employee perception of benefit of the GDPR to their employer 3.7 The research goal is the consumer/employee perception of the GDPR 3.8 Summary Methods 4.1 Design 4.2 Data Analysis and 4.3 Ethical considerations Analysis and Results 5.1 Background demographics and 5.2 Hypothesis 1: Consumers are aware and knowledgeable about the GDPR 5.3 Hypothesis 2: Consumers lack awareness and knowledge about the regulator 5.4 Hypothesis 3: Consumers feel their privacy is better since GDPR was introduced 5.5 Hypothesis 4: Companies have responded to GDPR and made changes 5.6 Hypothesis 5: Employees lack awareness of the GDPR regulator at work 5.7 Hypothesis 6: Employees have seen little benefits to their company from GDPR 5.8 Research question: GDPR: Is it worth it? and 5.9 A regression model based on the dual professional-consumer perspective Discussion and 6.1 High consumer awareness and knowledge of the GDPR 6.2 Respondents lacked a formed opinion and 6.3 GDPR has driven changes 6.4 Perceptions of privacy have improved and 6.5 The profile of the regulator may not matter 6.6 Regulator Enforcer and 6.7 GDPR is worth it if... 6.8 Implications 6.9 Limitations and future work Conclusion, Funding and Disclosure Statement, and References Background to the GDPR Background to the GDPR Background to the GDPR Literature Review 3.1 Consumer awareness and knowledge of the regulation 3.2 Consumer awareness and knowledge of the regulator 3.3 Consumer perceptions of privacy 3.4 Business response to Data Protection regulation 3.5 Employee awareness of their employer’s Data Protection regulator 3.6 Employee perception of benefit of the GDPR to their employer 3.7 The research goal is the consumer/employee perception of the GDPR 3.8 Summary Literature Review 3.1 Consumer awareness and knowledge of the regulation 3.1 Consumer awareness and knowledge of the regulation 3.2 Consumer awareness and knowledge of the regulator 3.2 Consumer awareness and knowledge of the regulator 3.3 Consumer perceptions of privacy 3.3 Consumer perceptions of privacy 3.4 Business response to Data Protection regulation 3.4 Business response to Data Protection regulation 3.5 Employee awareness of their employer’s Data Protection regulator 3.5 Employee awareness of their employer’s Data Protection regulator 3.6 Employee perception of benefit of the GDPR to their employer 3.6 Employee perception of benefit of the GDPR to their employer 3.7 The research goal is the consumer/employee perception of the GDPR 3.7 The research goal is the consumer/employee perception of the GDPR 3.8 Summary 3.8 Summary Methods 4.1 Design 4.2 Data Analysis and 4.3 Ethical considerations Methods 4.1 Design 4.1 Design 4.2 Data Analysis and 4.3 Ethical considerations 4.2 Data Analysis and 4.3 Ethical considerations Analysis and Results 5.1 Background demographics and 5.2 Hypothesis 1: Consumers are aware and knowledgeable about the GDPR 5.3 Hypothesis 2: Consumers lack awareness and knowledge about the regulator 5.4 Hypothesis 3: Consumers feel their privacy is better since GDPR was introduced 5.5 Hypothesis 4: Companies have responded to GDPR and made changes 5.6 Hypothesis 5: Employees lack awareness of the GDPR regulator at work 5.7 Hypothesis 6: Employees have seen little benefits to their company from GDPR 5.8 Research question: GDPR: Is it worth it? and 5.9 A regression model based on the dual professional-consumer perspective Analysis and Results 5.1 Background demographics and 5.2 Hypothesis 1: Consumers are aware and knowledgeable about the GDPR 5.1 Background demographics and 5.2 Hypothesis 1: Consumers are aware and knowledgeable about the GDPR 5.3 Hypothesis 2: Consumers lack awareness and knowledge about the regulator 5.3 Hypothesis 2: Consumers lack awareness and knowledge about the regulator 5.4 Hypothesis 3: Consumers feel their privacy is better since GDPR was introduced 5.4 Hypothesis 3: Consumers feel their privacy is better since GDPR was introduced 5.5 Hypothesis 4: Companies have responded to GDPR and made changes 5.5 Hypothesis 4: Companies have responded to GDPR and made changes 5.6 Hypothesis 5: Employees lack awareness of the GDPR regulator at work 5.6 Hypothesis 5: Employees lack awareness of the GDPR regulator at work 5.7 Hypothesis 6: Employees have seen little benefits to their company from GDPR 5.7 Hypothesis 6: Employees have seen little benefits to their company from GDPR 5.8 Research question: GDPR: Is it worth it? and 5.9 A regression model based on the dual professional-consumer perspective 5.8 Research question: GDPR: Is it worth it? and 5.9 A regression model based on the dual professional-consumer perspective Discussion and 6.1 High consumer awareness and knowledge of the GDPR 6.2 Respondents lacked a formed opinion and 6.3 GDPR has driven changes 6.4 Perceptions of privacy have improved and 6.5 The profile of the regulator may not matter 6.6 Regulator Enforcer and 6.7 GDPR is worth it if... 6.8 Implications 6.9 Limitations and future work Discussion and 6.1 High consumer awareness and knowledge of the GDPR Discussion and 6.1 High consumer awareness and knowledge of the GDPR 6.2 Respondents lacked a formed opinion and 6.3 GDPR has driven changes 6.2 Respondents lacked a formed opinion and 6.3 GDPR has driven changes 6.4 Perceptions of privacy have improved and 6.5 The profile of the regulator may not matter 6.4 Perceptions of privacy have improved and 6.5 The profile of the regulator may not matter 6.6 Regulator Enforcer and 6.7 GDPR is worth it if... 6.6 Regulator Enforcer and 6.7 GDPR is worth it if... 6.8 Implications 6.8 Implications 6.9 Limitations and future work 6.9 Limitations and future work Conclusion, Funding and Disclosure Statement, and References Conclusion, Funding and Disclosure Statement, and References Conclusion, Funding and Disclosure Statement, and References A. Table of Survey Responses A. Table of Survey Responses B. Regression Analysis B. Regression Analysis C. Survey C. Survey 5.3 Hypothesis 2: Consumers lack awareness and knowledge about the regulator We assessed consumer awareness of the UK GDPR regulator by repeating questions from the phase #2 survey. Participants were asked to identify the regulator from five possible answer options. In the survey, 38% correctly guessed the Information Commissioner’s Office (ICO), and 47% did so in the subsequent main study. Follow-up analysis revealed that those who initially chose the ICO remained consistent, while those who initially selected the DPA options wavered. Overall, we found no significant learning effect. Refer to Table 1 for detailed confusion analysis. This was followed by an open question ‘What is/are the main purpose(s) of the GDPR regulator?’ Table 9 in the appendix shows a topic analysis performed by two researchers using inductive coding to classify the textual responses. The top four purposes were to monitor companies’ compliance, protect data (security), issue fines, and ensure against data misuse. Approximately 45% of participants reported awareness of companies being fined by the regulator, with no statistically significant correlation found between this awareness and the belief that the regulator should fine companies (Mann-Whitney 𝑈 = 5.5, 𝑝 = 0.82). Interestingly, among those aware of fines, 53% could not recall the identity of the fined companies. Among those who could recall, the top three mentioned were Facebook, British Airways, and Talk Talk (a UK mobile phone operator). Given less than half could recognise the ICO from a shortlist, we conclude moderate consumer awareness exists regarding the regulator’s identity, with slightly higher awareness of its role and actions. 5.4 Hypothesis 3: Consumers feel their privacy is better since GDPR was introduced In different parts of the survey, participants responded to three Likert scale statements related to GDPR (Table 3). All of the responses were overwhelmingly positive. No statistically significant relationship was found between these answers and participants’ company size or department. Authors: (1) Gerard Buckley, University College London, UK (gerard.buckley.18@ucl.ac.uk); (2) Tristan Caulfield, University College London, UK (t.caulfield@ucl.ac.uk); (3) Ingolf Becker, University College London, UK (i.becker@ucl.ac.uk). Authors: Authors: (1) Gerard Buckley, University College London, UK (gerard.buckley.18@ucl.ac.uk); (2) Tristan Caulfield, University College London, UK (t.caulfield@ucl.ac.uk); (3) Ingolf Becker, University College London, UK (i.becker@ucl.ac.uk). This paper is available on arxiv under CC BY 4.0 DEED license. This paper is available on arxiv under CC BY 4.0 DEED license. available on arxiv available on arxiv