22 GDPR Stats You Need To Know About (2023 Edition)

22 GDPR Stats You Need To Know About (2023 Edition)

Published By John Desyllas
September 11, 2023

It’s been almost 4 years since the General Data Protection Regulation of the European Union was put in effect. So, if you’re looking to find some GDPR stats regarding how businesses and websites access, use and share users’ data, you’re at the right place.

GDPR was put in place to dictate how businesses would use and protect the data of their web users. Its main goals are to:

  • protect the users’ rights regarding their data
  • ensure the data privacy law is up-to-date with the latest technological developments
  • establish consistent legislation across the EU

Now let’s move on to some insightful GDPR stats!

email marketing software
Try Moosend Today

The easiest and most affordable email marketing and newsletter software!

General GDPR Stats

  • The deadline given for GDPR compliance was May 25, 2018.
  • Approximately 30% of European businesses are still not compliant with GDPR. (RSM Global)

gdpr stats

  • Law requires that data breaches be reported within 72 hours.

A data breach is an incident wherein information is taken (or stolen) from a system without the authorization or knowledge of the system’s owner. Sometimes companies may try to conceal the extent of the damage or conceal the breach itself. This law helps deter that. Moreover, companies must personally notify affected users.

  • The demand for Data Protection Officers (DPOs) has risen by over 700%. (Reuters)
  • 47% of organizations performed updates on their website cookie policies, while 80% updated their policy more than once a year. (TrustArc)
  • 61% of people who are active about their privacy are under the age of 45. (CISCO)

This demographic group is also the one doing more shopping online. What this statistic shows is that younger people consider respect for privacy as core to the brand of the companies they do business with.

  • 90% of respondents claim they won’t buy from a company if they don’t know how their personal data will be used or the company doesn’t properly protect its data. (CISCO)

Apparently, the pandemic of COVID-19 strengthened privacy’s role, and organizations made an active effort to solve personal data issues that have arisen in the past few years. As a result, it shouldn’t come as a surprise that for 92% of organizations respecting privacy is integral to their culture.

  • In the first years after GDPR implementation, 81% of respondents felt that they had little or no control over the customer data collected by organizations. (Pew Research)
  • 83% of all corporate respondents said privacy laws have had a positive impact, 14% were neutral, while only a mere 3% thought they had a negative result. (CISCO)

Through the establishment of data protection laws, there is a better framework and clarity regarding the rights of data owners and what data processing activities are permitted or prohibited.

  • Data privacy is ranked second (32% of respondents) among the core competencies for modern security teams. (CISCO)
  • The average privacy budget is $2.7 million. This is a 13% increase since last year. (CISCO)

It will be interesting to see in the years that come where the spending growth is coming from. It could be attributed to headcount, technology, or even outside counsel.

  • The top benefits associated with investments in data security are building loyalty and trust (71%), making the company more attractive (69%), and maintaining operational efficiency (68%). (CISCO)
  • Regarding the use of personal data in AI use cases (e.g. selection of a sales representative, setting prices), a range of 37% to 55% of respondents claimed they would trust a company less if AI was employed for these decisions. (CISCO)
  • The countries with the most data breach notifications as of January 2022 are by far Germany (106,731) and the Netherlands (92,657). (DLA Piper)

total number of data breach notifications

User Sentiment over Data Privacy

  • Almost half of the EU citizens (45%) are still concerned about their data privacy. (SurveyMonkey)
  • 62% of consumers in the UK feel more comfortable sharing their data now that there are data protection laws in place. (DMA)
  • Only a small 31% of consumers feel their overall experience with companies has improved since the introduction of GDPR. (Marketing Week)
  • 46% of consumers feel they cannot adequately protect their data, primarily because they seem to find it too difficult to understand what companies are doing with their data. (CISCO)

GDPR Fines

  • During the first 20 months of GDPR, more than €114 million have been issued in fines. (GDPR.eu)
  • The largest fine for GDPR violations as of 2022 was issued by Luxembourg DPA to Amazon Europe. It was a fine of 746 million Euros. (Statista)

gdpr stats regarding fines imposed

Email Marketing GDPR Statistics

  • In Europe, North America and Oceania, the majority of businesses (over 57%) chose to send “Privacy Policy Changed” emails to their customers instead of emails that asked for “re-consent.” (Moosend)
  • Email open rates and click-through rates have greatly increased since 2014, by 19% and 14% respectively. (Acoustic)

Maintaining GDPR compliance has been a major challenge for both email service providers (ESPs) and marketers. However, it is evident that email marketing campaigns that target users that have expressed their consent through double opt-in are more effective compared to the past.


As seen in the above GDPR stats, most companies have taken significant steps to upgrade their data protection efforts and cybersecurity but there are still those businesses that suffer non-compliance fines from the data protection authorities.

There are two things that are undeniable, though! The first is that customers want to know that their data is not being abused and used in ways they don’t expect or understand. And the second -and most important for businesses- is that investing in privacy pays off and doesn’t impede business growth.

Similar Posts