Europe In The Data Protection Ranking

With the adoption of the General Data Protection Regulation (GDPR) in May 2018, the European Union set a milestone in the history of data protection that has received great international recognition. With the aim of achieving a common high level of data protection, rules for the protection of personal information have been standardized for the entire European Union for the first time. In a growing digitized world, in which theoretically every activity can be tracked and personal data generates high financial profits, the possibilities of individuals to control their personal information are limited. At this point, the regulation has created a dense network of rights and obligations that give consumers power and control over their data back.

‍

heyData knows data protection from its daily work with companies. Therefore, three years after the introduction of the GDPR, we wanted to use this study to find out how close the European countries have come when it comes to the level of data protection and to discover which points still need improvement. To do this, we examined the majority of the EU member states, Norway, which also implemented the EU GDPR, and the United Kingdom, in which the regulation was in effect until Brexit.

‍

The study focuses on five overarching categories, which we have evaluated in 24 sub-points using data and statistics from well-known sources, such as the European Commission or the Organization for Economic Cooperation and Development. A comparison of the EU countries was made possible by a simple mathematical point system. The result is the following data protection ranking, which shows the nations with the actually highest data protection level - Ireland, Germany and the Netherlands - at the top.

Europe In Comparison

Enforcement of Laws

Data Protection Violations

% Increase in Data Protection Violations During Pandemic

Fines (€)

Company

Data Protection Strategy

Privacy Team

Compulsory Voluntary Training

Further Training

Data Loss

Data Leak

Insurance Cover

Individual Data Protection

Smartphone Malware

Computer Malware

Payment Fraud

Phishing

Data Protection Competence

Advertising

Browser

Tracking and Scanning Services

Social Media

Apps

Cloud

Social Mood About Data Protection

Fear of Data Abuse

Authority Over Data

Overall Winners in the Data Protection Ranking

Position

Country

Final
Evaluation

Enforcement
Of Laws

Company

Individual Data Protection

Privacy-
Expertise

Social
Mood

Ireland

100,0

80,6

85,1

100,0

43,9

100,0

Germany

80,3

74,6

60,9

81,9

70,9

66,7

Netherlands

73,6

88,8

50,9

50,0

95,6

51,3

United Kingdom

64,8

52,1

100,0

9,2

58,4

92,3

Denmark

59,5

73,1

98,3

0,0

82,3

43,6

Finland

58,9

38,9

51,0

64,8

100,0

41,0

Belgium

44,3

5,3

51,7

72,1

46,6

79,5

Sweden

41,2

100,0

65,3

9,2

72,1

0,0

Italy

38,5

79,0

73,2

33,4

0,0

53,8

Austria

37,3

2,2

38,7

85,0

68,8

41,0

France

31,0

54,5

38,5

12,9

40,7

71,8

Latvia

27,8

2,1

63,1

64,2

13,5

66,7

Luxembourg

27,4

35,9

9,8

58,4

76,9

Poland

23,0

7,9

35,1

69,9

21,9

61,5

Spain

18,6

18,7

55,2

4,6

54,2

51,3

Estonia

17,3

0,9

47,3

88,1

41,8

2,6

Greece

16,1

1,2

21,8

93,1

7,3

53,8

Slovenia

15,7

32,1

30,9

50,6

26,4

35,9

Norway

12,9

26,2

45,5

4,2

64,2

28,2

Lithuania

0,8

0,0

29,9

76,2

13,3

15,4

Hungary

0,0

6,1

0,0

9,0

45,7

71,8

Enforcement of Laws

Position

Country

Category Evaluation

Data Protection Violations

Points

% Increase in Data Protection Violations During Pandemic
%

Points

Fines (€)

€

Points

Sweden

100

119

30,4

1,6 %

71,7

111,352€

95,8

Netherlands

382

100,0

-2,4%

75,6

14,591

€

12,6

Ireland

345

90,2

-1,5%

74,7

14,402

€

12,4

Italy

0,6

23,4 %

50,8

116,242

€

100,0

Germany

23,8

76,2 %

0,0

83,068

€

71,5

Denmark

325

85,0

36,2 %

38,5

9,811

€

8,4

France

1,2

-10,6%

83,4

80,862

€

69,6

United Kingdom

11,1

-27,9%

100,0

65,976

€

56,8

Finland

187

48,6

1,6 %

71,7

3,755

€

3,2

Slovenia

168

43,5

52,3 %

23,0

€

0,0

Luxembourg

147

37,9

8,7 %

64,9

€

0,0

Norway

23,1

3,5 %

69,9

15,432

€

13,3

Spain

0,9

54,7 %

20,7

30,613

€

26,3

Poland

10,3

63,6 %

12,1

4,494

€

3,9

Hungary

3,3

72,4 %

3,6

10,031

€

8,6

Belgium

4,8

26,0 %

48,3

7,251

€

6,2

Austria

6,5

-18,3%

90,8

797

€

0,7

Latvia

2,9

-13,7%

86,4

4,869

€

4,2

Greece

0,0

-14,2%

86,9

6,951

€

6,0

Estonia

5,6

14,0 %

59,7

€

0,0

Lithuania

2,0

62,7 %

13,0

2,89

€

2,5

Company

Position

Country

Category Evaluation

Data Protection Strategy
%

Points

Data Protection Team
%

Points

Continuing Education Voluntary
%

Points

Compulsory Training
%

Points

Data Loss
%

Points

Data Leak
%

Points

Insurance Cover
%

Points

United Kingdom

100

93,8

45,0

0,0

60,0

100,0

84,4

100,0

80,8

Denmark

100,0

69,0

75,0

52,0

77,8

78,1

71,4

50,0

100,0

Ireland

100,0

61,0

50,0

59,0

97,2

78,1

57,1

50,0

67,3

Italy

56,3

66,0

65,6

47,0

63,9

78,1

71,4

100,0

17,3

Sweden

90,6

59,0

43,8

44,0

55,6

50,0

14,3

100,0

67,3

Latvia

46,9

74,0

90,6

60,0

100,0

31,3

28,6

100,0

15,4

Germany

53,1

68,0

71,9

49,0

69,4

21,9

57,1

100,0

30,8

Spain

46,9

67,0

68,8

41,0

47,2

34,4

28,6

100,0

55,8

Belgium

53,1

77,0

100,0

42,0

50,0

31,3

42,9

50,0

40,4

Finland

78,1

62,0

53,1

54,0

83,3

46,9

57,1

0,0

46,2

Netherlands

68,8

74,0

90,6

35,0

30,6

25,0

57,1

50,0

42,3

Estonia

25,0

54,0

28,1

44,0

55,6

100,0

85,7

50,0

5,8

Norway

37,5

52,0

21,9

41,0

47,2

59,4

71,4

50,0

55,8

Austria

56,3

60,0

46,9

39,0

41,7

37,5

57,1

50,0

26,9

France

25,0

67,0

68,8

36,0

33,3

28,1

42,9

50,0

67,3

Luxembourg

37,5

63,0

56,3

39,0

41,7

34,4

42,9

50,0

42,3

Poland

25,0

69,0

75,0

26,0

5,6

68,8

14,3

100,0

13,5

Slovenia

50,0

61,0

50,0

44,0

55,6

15,6

143

100,0

0,0

Lithuania

37,5

64,0

59,4

42,0

50,0

34,4

0,0

100,0

0,0

Greece

0,0

57,0

37,5

24,0

0,0

71,4

100,0

40,4

Hungary

9,4

45,0

0,0

33,0

25,0

0,0

28,6

100,0

0,0

Individual Data Protection

Position

Country

Category Evaluation

Smartphone Malware
%

Points

Computer Malware
%

Points

Payment Fraud
%

Points

Phishing

Points

Ireland

100

85,7

1,6

88,8

0,1

100,0

0,93

68,9

Greece

57,1

2,4

79,8

0,6

93,0

0,5

84,7

Estonia

100,0

2,7

76,0

1,3

82,5

0,7

76,7

Austria

71,4

0,6

100,0

2,1

72,6

0,4

91,9

Germany

71,4

1,1

94,4

1,0

87,6

0,63

81,4

Lithuania

71,4

0,6

99,9

0,3

96,5

0,2

98,5

Belgium

57,1

1,2

93,0

1,9

74,2

1,0

68,0

Poland

57,1

0,7

99,1

0,4

95,6

0,2

100,0

Finland

71,4

2 ,, 4

79,8

1,7

77,6

0,9

68,8

Latvia

57,1

0,7

98,7

1,0

87,4

0,3

95,8

Slovenia

57,1

1,3

92,1

1,9

74,9

0,6

84,3

Netherlands

71,4

1,5

90,2

2,2

71,0

0,80

74,4

Italy

42,9

1,8

86,8

1,9

75,0

1,0

64,7

France

42,

2,8

74,8

5,4

26,4

1,5

45,9

Luxembourg

42,9

5,4

45,4

3,1

58,4

0,9

69,4

United Kingdom

100,0

2,0

84,2

7,3

0,0

1,9

30,6

Sweden

71,4

2,3

81,0

3,3

55,8

2,5

6,5

Hungary

14,3

9,3

0,0

4,9

33,7

0,4

89,4

Spain

0,0

2,4

79,2

3,1

58,0

1,0

67,3

Norway

57,1

2,1

83,5

4,4

40,8

2,1

21,9

Denmark

57,1

1,8

86,5

5,6

23,2

2,6

0,0

Data Protection Competence

Position

Country

Category Evaluation

Advertising
%
‍

Points

Browser
%

Points

Cookies
%

Points

Tracking and Scanning Services
%

Points

Social Media
%

Points

Apps
%

Points

Smartphone

Points

Cloud
%

Points

Finland

100

69,7

94,2

41,5

91,2

50,1

100,0

22,2

37,1

56,7

87,3

97,5

100,0

55,3

Netherlands

72,6

100,0

41,4

90,9

46,8

89,7

29,7

54,2

62,7

100,0

90,0

52,9

57,9

Denmark

63,5

81,9

44,2

100,0

32,6

45,3

25,7

45,1

48,8

70,6

82,5

35,3

94,7

Sweden

43,6

42,6

41,5

91,1

29,3

35,1

26,0

45,7

40,

52,6

100,0

29,4

97,4

Germany

62,8

80,5

30,7

55,5

49,1

97,1

18,2

28,0

40,1

52,0

92,5

70,6

10,5

Austria

60,3

75,6

42,2

93,4

36,9

59,0

12,1

14,0

53,8

81,1

62,5

64,7

23,7

Norway

47,0

49,3

38,8

82,2

27,3

28,8

24,5

42,3

36,8

45,1

97.5

29,4

71,1

United Kingdom

55,2

65,4

28,9

49,4

33,7

48,8

27,4

48,8

45,3

63,1

40,0

29,4

65,8

Luxembourg

38,4

32,2

36,0

73,1

40,4

69,7

20,3

32,7

29,6

29,8

87,5

41,2

44,7

Spain

62,2

79,5

18,3

14,4

28,9

33,9

13,9

18,2

53,8

81,1

72,5

41., 2

44,7

Belgium

40,9

37,1

15,1

3,8

31,4

41,5

49,9

100,0

27,8

25,9

55,0

23,5

52,6

Hungary

40,2

35,8

25,6

38,4

27,2

28,4

17,5

26,3

35,6

42,5

45,0

17,6

100,0

Ireland

50,4

56,0

15,3

4,5

29,6

35,9

9,9

9,1

42,7

57,7

57,5

47,1

55,3

Estonia

35,8

27,1

25,4

38,0

34,5

51,3

20,5

33,1

27,4

25,1

55,0

41,2

39,5

France

43,8

43,0

25,7

38,9

32,8

46,1

19,3

30,5

34,6

40,3

62,5

29,4

13,2

Slovenia

34,8

25,2

22,7

29,0

23,3

16,4

18,1

27,6

24,9

19,8

52,5

17,6

28,9

Poland

36,2

27,9

15,4

4,9

26,3

25,8

19,5

30,9

30,5

31,7

45,0

23,5

0,0

Latvia

32,0

19,5

15,1

3,6

23,6

17,3

10,6

31,2

33,1

30,0

11,8

13,2

Lithuania

32,8

21,2

21,0

23,3

19,9

5,8

13,8

18,0

27,7

25,8

12,5

0,0

31,6

Greece

28,6

12,8

14,0

0,0

23,3

16,4

14,3

19,0

24,4

18,8

12,5

11,8

10., 5

Italy

22,1

0,0

27,3

44,3

18,1

0,0

5,9

0,0

15,6

0,0

13,2

Social Mood About Data Protection

Position

Country

Category Evaluation

Fear of Data Abuse
%

Points

Authority Over Data
%

Points

Ireland

100

100,0

26,0

65,5

United Kingdom

92,3

26,0

65,5

Belgium

79,5

33,0

41,4

Luxembourg

76,9

26,0

65,5

France

71,8

34,0

37,9

Hungary

71,8

26,0

65,5

Germany

66,7

45,0

0,0

Latvia

66,7

31,0

48,3

Poland

61,5

21,0

82,8

Italy

53,8

23,0

75,9

Greece

53,8

22,0

79,3

Netherlands

51,3

30,0

51,7

Spain

51,3

36,0

31,0

Denmark

43,6

26,0

65,5

Finland

41,0

16,0

100,0

Austria

41,0

31,0

48,3

Slovenia

35,9

25,0

69,0

Norway

28,2

24,0

72,4

Lithuania

15,4

17,0

96,6

Estonia

2,6

21,0

82,8

Sweden

0,0

31,0

48,3

Methodology In A Nutshell

The aim of the study is to evaluate the efficiency of data protection measures as well as the data protection competence of consumers in Europe and to compare them at national level. The objects of investigation are all member states of the European Union (with exceptions) as well as the United Kingdom and Norway.

Bulgaria, Croatia, Malta, Portugal, Cyprus, Romania, the Czech Republic and Slovakia had to be excluded from the study due to insufficient data and to enable a fair comparison between all nations.

For the study, all of the named nations were evaluated in the five research fields “Legal Regulations”, “Companies”, “Private Individuals”, “Data Protection Competence” and “Social Mood”. A total of 24 influencing factors contributed to the final result of the study. All influencing factors were selected based on their informative value in relation to the performance of data protection measures or the data protection competence of consumers.

The result is a ranking of the pioneering nations in terms of data protection. The study ended on May 15, 2021.

A complete presentation of the methodology with all definitions, data and sources can be found here (German version, English version )