European Commission polling in March took stock of EU citizens’ views on data protection in Europe and in particular of the General Data Protection Regulation (GDPR), which came into effect in May last year. The regulation was intended to give power back to EU citizens on how their personal data is being processed and used. The GDPR harmonized data privacy laws across Europe and reshaped the way organizations across the region approach data privacy.

“The results show that Europeans are relatively well aware of the new data protection rules, their rights and the existence of national data protection authorities, to whom they can turn for help when their rights are violated,” said the European Commission about the survey’s results.

Yet the results were decidedly mixed.  While two-thirds of those surveyed had heard about the GDPR, one third had not. Of the first group, about half knew exactly what is was; the other half wasn’t so sure. The degree of awareness varied dramatically between countries.

As for the regulation’s guaranteed rights, 73% said they’d heard about at least one out of six of the GDPR rights. Almost two thirds knew about the right to access their data; 61% of the right to correct their data; 59% about the right to not receive direct marketing; 57% about the right to have their data deleted. Half of those asked had heard about the right to move their data from one provider to another.

According to the Commission survey, the three most exercised rights are: 1. the right to object to receiving direct marketing; 2.  the right to access personal information; 3. the right to correct personal data if it is false. A clear majority say they have heard about the existence of a public authority in their country responsible for protecting their rights regarding their personal data, which the Commission points out is an increase of 20 percentage points since 2015.

The majority of respondents feel they have at least partial control over the information they provide online. Just over one in five say they are always informed about the conditions attached to the collection and use of their personal data online, and only 13% read privacy statements online.

The Commission took solace in the fact that only in France and Italy had a majority of respondents not heard of the GDPR. Those most in the know were: Sweden, the Netherlands, Poland, Denmark, and Ireland.