Abstract

This paper presents an extensive analysis of Internet security experiences and perceptions among European Union (EU) citizens, based on data presented in commented graphics that highlight awareness of online privacy practices, security-related aspects and data tracking methods. The paper also examines the implications of the General Data Protection Regulation (GDPR) for businesses operating within the EU and the European Economic Area (EEA). Through a thorough investigation of Internet users' awareness of cookies as tracking tools and the prevalence of security-related incidents, the paper provides insights into the evolving landscape of online privacy and security. It elucidates the challenges and opportunities that GDPR compliance presents for businesses and sets out compliance requirements spanning core principles and broader implications of data processing practices. The findings underline the imperative to align businesses’ operations with GDPR provisions, addressing key aspects such as consent mechanisms, lawful bases and the importance of robust data security measures. The conclusion highlights the significance of the intersection of Internet security perceptions, GDPR compliance, and business operations within the EU and EEA. By synthesizing empirical data with regulatory analysis, the paper provides a valuable understanding of the challenges and opportunities within the evolving regulatory landscape, thereby equipping businesses with actionable strategies to safeguard data privacy rights and uphold regulatory compliance in the digital age.