Press Release

GDPR hasn’t changed how more than a third of UK workers handle sensitive data

New insider threat survey highlights what employees really think about privacy regulations, revealing how non-compliance could be putting their employers’ data at risk

One year since the introduction of GDPR, more than a third (34.5 per cent) of British workers admit they still haven’t changed how they handle sensitive data, despite 84 per cent saying that they know what their data protection compliance responsibilities are. This is according to new survey findings announced today by ObserveIT, the leading insider threat management platform with more than 1,900 customers around the world.

The survey of 1,000 full-time UK employees reveals that the introduction of GDPR has had an impact on day-to-day work processes, with 83 per cent of respondents confirming that their employers have adopted new data security policies and technology solutions over the past year. Insiders – employees, partners and contractors – can be an organisation’s strongest defence for protecting sensitive information, but to do so, they need the right knowledge and continued training and support.
The key UK findings reflect this:
– Over a third (34.5%) of British workers say they are not handling data any differently since the introduction of GDPR
– Almost a third (27%) of British workers believe they never handle valuable customer or sensitive/proprietary data at all
– Only 22 per cent believe their personal information is safer with third-parties because of new regulations
– Just half of UK organisations recognise that a mix of technology, security training and technology usage policies must be used to combat data breaches.

Employees in the United States were also polled to establish a comparison between the two markets. Key differences highlighted are that:
– In the U.S, one-third of respondents say they aren’t aware of any privacy policies their organisation abides by, while in the UK only 17 per cent of people say they are unaware of privacy laws that affect their employer
– 44 per cent of U.S. employees aren’t very confident their organisation is taking the proper steps to protect their own personal information, compared to 61% in the UK who are confident
– 67 per cent of employees in the UK feel they have ample training to ensure that customer data is protected in line with new regulations versus 47% of employees in the U.S.

“Privacy regulations aren’t going away any time soon. In fact, over the next several years, we’ll likely see more regional policies go into effect as consumers demand more transparency around how their information is being used,” said Mike McKee, CEO of ObserveIT. “We’re committed to helping organisations navigate this privacy-centric business environment by providing deep understanding of user activity and tools to support employee behaviour change – ensuring the information of their customers and employees remains secure.”

To learn more about how ObserveIT is helping organisations ensure the security of customer and user privacy data and comply with GDPR and other compliance standards, by ensuring organisations have full visibility into data activity across all endpoints and cloud environments, visit

About ObserveIT
ObserveIT is the leading Insider Threat Management solution with more than 1,900 customers across 87 countries. ObserveIT is the only solution that empowers security teams to proactively detect insider threats, streamline the investigation process, and enable rapid response. With 350+ out-of-the-box insider threat indicators of compromise, rich metadata and outstanding search capability and playback of any policy violation, ObserveIT provides comprehensive visibility into what people – contractors, privileged users and high-risk users – are doing, and reduces investigation time from weeks or months to days. For more information visit: