This is some text inside of a div block.

case study

Safe-Surfer: These are the most security-conscious people in Europe

Due to the steadily increasing digitization, the GDPR was introduced as an EU regulation in 2018. The standardized data protection is intended to ensure that Internet users have full control over the use of their data. Companies and individuals across Europe had to come to terms with these measures and rules in order to make the Internet a safe place. How well the people in Europe have adapted to the GDPR provides information about how security-conscious and Internet-savvy people are in the different countries of Europe. heyData have done a study to see which European countries are the most savvy about the Internet and its dangers, highlighting the differences between countries and different age groups. Using data from the Organization for Economic Co-operation and Development, we examined the EU countries plus Norway, Turkey, Iceland and the United Kingdom and analyzed the following age groups: 16-24, 25-54 and 55-74.

interesting read

Europe in Data Protection Ranking

With the adoption of the General Data Protection Regulation (GDPR) in May 2018, the European Union set a milestone in the history of data protection that has received great international recognition.

The study focuses on the following factors to identify security-conscious and Internet-savvy people:

People who haven't had a virus on their PC in the last three months

People who have not been phished

People who use anti-tracking software

Individuals who have not experienced any personal data or privacy violations

The level of privacy settings of people in social media

People who protect their personal information from advertisers

Individuals who have not been affected by payment fraud

Whether a person prevents or restricts cookies

Based on these factors, we were able to create a ranking that shows where people are safest on the Internet.


The study aims to find out which countries and ages are the most savvy about the Internet and its dangers. The countries of the European Union as well as Norway, Turkey, Iceland and the United Kingdom were examined.

Bulgaria, Croatia, Malta, Cyprus and Romania had to be excluded from the study due to insufficient data and to allow a fair comparison between all countries.

For the study, all countries were analyzed in the following eight research fields: Internet users who were not affected by viruses in the past three months, were not affected by misuse of personal data or breaches of privacy, were not affected by financial losses due to fraudulent payments, who were not affected by phishing as well as the level of data protection of profiles in social media, the browser settings to prevent or limit cookies, the use of anti-tracking software and the protection of personal data from advertisers.

All influencing factors were selected on the basis of their informative value with regard to objective security when using the Internet.

The ranking was determined by age groups, 16-24, 25-54 and 55-74, in XNUMX countries. 

The result is a ranking of the pioneering nations, ages and genders in terms of Internet safety and affinity.

Research field 1: Users who have not been affected by viruses in the last 3 months (computer malware)

The need to protect a computer against viruses is a must with increasing digitalization and the presence of appropriate protection shows how security-conscious users are. A computer virus is a malicious program or code that changes the way a computer works and can spread from computer to computer. The virus can attach itself to a legitimate document or program.

This research area looked at how many people hadn't had a virus on their computer in the past three months. The data for this was provided by the Organization for economic cooperation and development accepted. The lower the score, the better users protect themselves with antivirus software.

Investigation field 2: Persons who are not affected by misuse of personal data or violations of privacy (personal data)

The misuse of personal data can take many forms, such as: B. the loss of personal data or the sharing of data with unauthorized recipients. A data protection breach is broadly defined as a security incident that compromises the integrity, confidentiality, or availability of personal data. A data breach occurs when personal data is destroyed, lost, damaged or disclosed, or when it is passed on without authorization or made inaccessible. 

A lower score in this area reflects a high level of security awareness. The data were taken for the last three available months and come from the Organization for economic cooperation and development.

Research area 3: Individuals who have not suffered financial losses from fraudulent payments (payment fraud)

In the case of digital payment fraud, payments are forged or redirected. Such fraud can include creating fake customer records and bank accounts that result in incorrect payments, or changing payee details. Payments are not authorized by the account holder or are authorized under false pretenses and may result in the loss of funds, personal data or personal property. 

In this area, a lower score reflects the better evaluation. The data is from the last three months and was provided by the Organization for economic cooperation and development applicable. 

Research field 4: People who are not affected by phishing (phishing)

Phishing is an attack on the computer to steal information such as credit card numbers or login details. The attacker pretends to be a trustworthy entity and tries to trick victims into opening an e-mail, text message or instant message and specifying sensitive data such as bank details or passwords. 

A low score indicates a high level of knowledge about phishing and the use of appropriate protective measures. The data comes from the Organization for economic cooperation and development and refer to the last three months. 

Research area 5: Data protection level of profiles in social media (social media)

The data protection competence in social media profiles and content was examined. A high level of data protection prevents personal information from being viewed by companies, users or unauthorized third parties.

The higher the score in this area, the higher the average competence of the individual in matters of data protection. The data come from the Organization for economic cooperation and development and refer to the last twelve months. 

Research field 6: Rejection or restriction of cookies (cookies)

This area includes people who have changed the settings in their Internet browser in order to limit the number of active cookies or to block them entirely. Cookies are text files that contain data such as a user name or password to identify your computer when using a computer network. The data stored in a cookie is only intended for you and your computer. Deleting cookies deletes the information stored in your browser and is useful, for example, when you do not want other people to see your browsing history.

The higher the score, the greater the user's awareness of limiting or preventing cookies. The data was taken from the Organization for economic cooperation and development adopted. 

Research area 7: Protection of personal data from advertisers

Advertisers have the option to access data on personal characteristics for targeted advertising. Advertisers can do this, for example, via social media or via popular search engines. However, the GDPR gives individuals a great deal of control over how advertisers can collect, store, and use their data.

The higher the score, the better a person can protect their personal information from advertisers. The data was taken from the Organization for economic cooperation and development taken over from the last twelve months. 

Study area 8: Use of anti-tracking software

Anti-tracking software increases the protection of a computer's privacy while surfing the Internet. Anti-Tracking-Tools is able to prevent the transmission of unsafe data to your computer and blocks advertising that collects personal data of users.

A high score means that anti-tracking software is more likely to be used. The data was taken from the Organization for economic cooperation and development.

Results and evaluation

To calculate a ranking, all results of the influencing factors examined were normalized. For this purpose, points on a scale between 0 and 100 were used. The age and the country that showed itself to be particularly progressive with regard to Internet affinity for the respective influencing factor received the score 100. The country or age that was the least advanced with regard to data protection measures for the respective influencing factor received the score 0. 

Then all points from all influencing factors of an examination field were added. The total was the result of the study area. Finally, all eight study field results were added and this final result also standardized on a point scale between 0 and 100. The standardized final result corresponds to the communicated final ranking. 
The calculation was carried out according to the following standardization formula: x new = x - x minx max - x min