Table of Links Abstract and 1. Introduction Abstract and 1. Introduction Background to the GDPR Literature Review 3.1 Consumer awareness and knowledge of the regulation 3.2 Consumer awareness and knowledge of the regulator 3.3 Consumer perceptions of privacy 3.4 Business response to Data Protection regulation 3.5 Employee awareness of their employer’s Data Protection regulator 3.6 Employee perception of benefit of the GDPR to their employer 3.7 The research goal is the consumer/employee perception of the GDPR 3.8 Summary Methods 4.1 Design 4.2 Data Analysis and 4.3 Ethical considerations Analysis and Results 5.1 Background demographics and 5.2 Hypothesis 1: Consumers are aware and knowledgeable about the GDPR 5.3 Hypothesis 2: Consumers lack awareness and knowledge about the regulator 5.4 Hypothesis 3: Consumers feel their privacy is better since GDPR was introduced 5.5 Hypothesis 4: Companies have responded to GDPR and made changes 5.6 Hypothesis 5: Employees lack awareness of the GDPR regulator at work 5.7 Hypothesis 6: Employees have seen little benefits to their company from GDPR 5.8 Research question: GDPR: Is it worth it? and 5.9 A regression model based on the dual professional-consumer perspective Discussion and 6.1 High consumer awareness and knowledge of the GDPR 6.2 Respondents lacked a formed opinion and 6.3 GDPR has driven changes 6.4 Perceptions of privacy have improved and 6.5 The profile of the regulator may not matter 6.6 Regulator Enforcer and 6.7 GDPR is worth it if... 6.8 Implications 6.9 Limitations and future work Conclusion, Funding and Disclosure Statement, and References Background to the GDPR Background to the GDPR Background to the GDPR Literature Review 3.1 Consumer awareness and knowledge of the regulation 3.2 Consumer awareness and knowledge of the regulator 3.3 Consumer perceptions of privacy 3.4 Business response to Data Protection regulation 3.5 Employee awareness of their employer’s Data Protection regulator 3.6 Employee perception of benefit of the GDPR to their employer 3.7 The research goal is the consumer/employee perception of the GDPR 3.8 Summary Literature Review 3.1 Consumer awareness and knowledge of the regulation 3.1 Consumer awareness and knowledge of the regulation 3.2 Consumer awareness and knowledge of the regulator 3.2 Consumer awareness and knowledge of the regulator 3.3 Consumer perceptions of privacy 3.3 Consumer perceptions of privacy 3.4 Business response to Data Protection regulation 3.4 Business response to Data Protection regulation 3.5 Employee awareness of their employer’s Data Protection regulator 3.5 Employee awareness of their employer’s Data Protection regulator 3.6 Employee perception of benefit of the GDPR to their employer 3.6 Employee perception of benefit of the GDPR to their employer 3.7 The research goal is the consumer/employee perception of the GDPR 3.7 The research goal is the consumer/employee perception of the GDPR 3.8 Summary 3.8 Summary Methods 4.1 Design 4.2 Data Analysis and 4.3 Ethical considerations Methods 4.1 Design 4.1 Design 4.2 Data Analysis and 4.3 Ethical considerations 4.2 Data Analysis and 4.3 Ethical considerations Analysis and Results 5.1 Background demographics and 5.2 Hypothesis 1: Consumers are aware and knowledgeable about the GDPR 5.3 Hypothesis 2: Consumers lack awareness and knowledge about the regulator 5.4 Hypothesis 3: Consumers feel their privacy is better since GDPR was introduced 5.5 Hypothesis 4: Companies have responded to GDPR and made changes 5.6 Hypothesis 5: Employees lack awareness of the GDPR regulator at work 5.7 Hypothesis 6: Employees have seen little benefits to their company from GDPR 5.8 Research question: GDPR: Is it worth it? and 5.9 A regression model based on the dual professional-consumer perspective Analysis and Results 5.1 Background demographics and 5.2 Hypothesis 1: Consumers are aware and knowledgeable about the GDPR 5.1 Background demographics and 5.2 Hypothesis 1: Consumers are aware and knowledgeable about the GDPR 5.3 Hypothesis 2: Consumers lack awareness and knowledge about the regulator 5.3 Hypothesis 2: Consumers lack awareness and knowledge about the regulator 5.4 Hypothesis 3: Consumers feel their privacy is better since GDPR was introduced 5.4 Hypothesis 3: Consumers feel their privacy is better since GDPR was introduced 5.5 Hypothesis 4: Companies have responded to GDPR and made changes 5.5 Hypothesis 4: Companies have responded to GDPR and made changes 5.6 Hypothesis 5: Employees lack awareness of the GDPR regulator at work 5.6 Hypothesis 5: Employees lack awareness of the GDPR regulator at work 5.7 Hypothesis 6: Employees have seen little benefits to their company from GDPR 5.7 Hypothesis 6: Employees have seen little benefits to their company from GDPR 5.8 Research question: GDPR: Is it worth it? and 5.9 A regression model based on the dual professional-consumer perspective 5.8 Research question: GDPR: Is it worth it? and 5.9 A regression model based on the dual professional-consumer perspective Discussion and 6.1 High consumer awareness and knowledge of the GDPR 6.2 Respondents lacked a formed opinion and 6.3 GDPR has driven changes 6.4 Perceptions of privacy have improved and 6.5 The profile of the regulator may not matter 6.6 Regulator Enforcer and 6.7 GDPR is worth it if... 6.8 Implications 6.9 Limitations and future work Discussion and 6.1 High consumer awareness and knowledge of the GDPR Discussion and 6.1 High consumer awareness and knowledge of the GDPR 6.2 Respondents lacked a formed opinion and 6.3 GDPR has driven changes 6.2 Respondents lacked a formed opinion and 6.3 GDPR has driven changes 6.4 Perceptions of privacy have improved and 6.5 The profile of the regulator may not matter 6.4 Perceptions of privacy have improved and 6.5 The profile of the regulator may not matter 6.6 Regulator Enforcer and 6.7 GDPR is worth it if... 6.6 Regulator Enforcer and 6.7 GDPR is worth it if... 6.8 Implications 6.8 Implications 6.9 Limitations and future work 6.9 Limitations and future work Conclusion, Funding and Disclosure Statement, and References Conclusion, Funding and Disclosure Statement, and References Conclusion, Funding and Disclosure Statement, and References A. Table of Survey Responses A. Table of Survey Responses B. Regression Analysis B. Regression Analysis C. Survey C. Survey 5 ANALYSIS AND RESULTS 5.1 Background demographics In the final phase #3 of the study, most participants were from large (250 to 2,499 employees) and very large companies (2,500+). The Operations/Manufacturing and Customer Service departments accounted for just over 50% of the sample (see Appendix A for details). 5.2 Hypothesis 1: Consumers are aware and knowledgeable about the GDPR In the larger phase #2 survey, 93% of respondents confirmed awareness of GDPR or the General Data Protection Regulation. Only those who acknowledged familiarity were invited to the subsequent main study. Regarding the question ‘How well do you know what rights GDPR gives you as a consumer?’, we employed a slider scale from 0 (nothing) to 100 (expert) for more precise quantification. The average score was 50.6, with a median of 53. Notably, the distribution in Figure 1 hints at two distinct populations—one less confident in their GDPR knowledge. A Kolmogorov-Smirnov test supports this, rejecting the null hypothesis of a single normal distribution (𝑝 = 0, 𝑠 = 1.00). Respondents were then presented with eight statements, of which four were correct regarding consumer rights, to test their depth of knowledge of the GDPR. The answer options were yes, no or unsure. While the averaged scores per individual are pretty high, only 59% of respondents got all the positive statements correct, and only 20% got all the negative statements correct, i.e. correctly identified the incorrect statements (Figure 2). We conclude there is a high awareness and knowledge of the GDPR. People may lack confidence that they know their consumer rights under the GDPR at a high level but are more sure-footed at a detailed level. Participants scored high on recognising legitimate rights but were unsure when presented with made-up rights. Authors: (1) Gerard Buckley, University College London, UK (gerard.buckley.18@ucl.ac.uk); (2) Tristan Caulfield, University College London, UK (t.caulfield@ucl.ac.uk); (3) Ingolf Becker, University College London, UK (i.becker@ucl.ac.uk). Authors: Authors: (1) Gerard Buckley, University College London, UK (gerard.buckley.18@ucl.ac.uk); (2) Tristan Caulfield, University College London, UK (t.caulfield@ucl.ac.uk); (3) Ingolf Becker, University College London, UK (i.becker@ucl.ac.uk). This paper is available on arxiv under CC BY 4.0 DEED license. This paper is available on arxiv under CC BY 4.0 DEED license. available on arxiv available on arxiv