GDPR hasn’t changed how more than a third of UK workers handle sensitive data

data breach

A new insider threat survey highlights what employees really think about privacy regulations, revealing how non-compliance could be putting their employers’ data at risk

 One year since the introduction of GDPR, more than a third (34.5 per cent) of British workers admit they still haven’t changed how they handle sensitive data, despite 84% saying that they know what their data protection compliance responsibilities are.

This is according to new survey findings announced today by ObserveIT, the leading insider threat management platform with more than 1,900 customers around the world.

The survey of 1,000 full-time UK & US employees reveals that the introduction of GDPR has had an impact on day-to-day work processes, with 83% of respondents confirming that their employers have adopted new data security policies and technology solutions over the past year.

Insiders – employees, partners and contractors – can be an organisation’s strongest defence for protecting sensitive information, but to do so, they need the right knowledge and continued training and support. The key UK findings reflect this:

  • Over a third (34.5%) of British workers say they are not handling data any differently since the introduction of GDPR
  • Almost a third (27%) of British workers believe they never handle valuable customer or sensitive/proprietary data at all
  • Only 22 per cent believe their personal information is safer with third-parties because of new regulations
  • Just half of UK organisations recognise that a mix of technology, security training and technology usage policies must be used to combat data breaches.

Employees in the United States were also polled to establish a comparison between the two markets. Key differences highlighted are that:

  • In the U.S, one-third of respondents say they aren’t aware of any privacy policies their organisation abides by, while in the UK only 17% of people say they are unaware of privacy laws that affect their employer.
  • 44% per cent of U.S. employees aren’t very confident their organisation is taking the proper steps to protect their own personal information, compared to 61% in the UK
  • 67% of employees in the UK feel they have ample training to ensure that customer data is protected in line with new regulations versus 47% of employees in the U.S.

Mike McKee, CEO of ObserveIT, said:

“Privacy regulations aren’t going away any time soon. In fact, over the next several years, we’ll likely see more regional policies go into effect as consumers demand more transparency around how their information is being used.

“We’re committed to helping organisations navigate this privacy-centric business environment by providing deep understanding of user activity and tools to support employee behaviour change – ensuring the information of their customers and employees remains secure.”

About ObserveIT
ObserveIT is an Insider Threat Management solution with more than 1,900 customers across 87 countries. ObserveIT is the only solution that empowers security teams to proactively detect insider threats, streamline the investigation process, and enable rapid response.


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.