With the enactment of the General Data Protection Regulation (GDPR) in May 2018, the European Union has set a milestone in the history of data protection that has received great international recognition. With the aim of achieving a common high level of data protection, rules for the protection of personal information have been standardized for the entire European Union for the first time. In a growing digitalized world, where theoretically every activity can be tracked and personal data generates high financial returns, individuals' ability to control their personal information is limited. At this point, the regulation has created a dense web of rights and obligations that gives consumers back power and control over their data.

heyData knows data protection from its daily work with companies. Therefore, three years after the introduction of the GDPR, we wanted to use this study to find out how close the European countries have come in terms of the level of data protection and to uncover where there is still room for improvement. To do this, we examined the majority of EU member states, Norway, which has also implemented the EU GDPR, and the United Kingdom, where the regulation applied until Brexit.

The study focuses on five overarching categories, which we evaluated in 24 subsections using data and statistics from renowned sources, such as the European Commission or the Organization for Economic Cooperation and Development, among others. A comparison of the EU countries was made possible by a simple mathematical scoring system. The result is the following data protection ranking, which shows the nations with the actual highest level of data protection - Ireland, Germany and the Netherlands - at the top.