It’s been one year since GDPR went into effect, what was the impact, what did we learn and what’s looming ahead?
In the first few months after GDPR went “live,” our headlines were filled with stories of complaints and violations. According to a report by DLA Piper, over 59,000 data breaches were reported in the first eight months of GDPR going into effect, ranging in severity from errant emails to the wrong recipient to major cyber hacks affecting millions. Large, prominent organizations were “easy” targets, often singled out by specific consumer advocacy groups. While many consumer groups want to hate the “villains,” as marketers, we can learn from their vulnerabilities:
And while we’re on the subject of the Dutch DPA, the Netherlands is also the first country to release a GDPR fining policy, introducing a scale for less severe violations. Factors that can influence where you fall on the scale include duration of the infringement, number of people involved, how quickly the offending organization reacts, and what type of personal data is involved.
But probably the most notorious GDPR event of the year was news of the first major fine issued to Google, a whopping $50 million by the French CNIL for failure to secure user consent to serve personalized ads.
What should we expect next?
Preparing for compliance was just the beginning; now, it’s about maintaining compliance. As marketers, we’re tasked with continuing to be mindful of data collection and storage practices, amidst ever-changing rules. I like the analogy given by Ruby Zefo, Chief Privacy Officer of Uber: “GDPR is a lot like raising a baby. We waited two years for the GDPR baby to be born, and now that it’s here, we can’t leave it in its high chair to fend for itself. You still need to take care of it.”
How should you prepare for the next chapter in compliance and data privacy?
My best advice for those following the compliance story: don’t take a wait-and-see approach to protecting your data, enabling transparency of data usage or capturing user consent. We’re one-year in with GDPR and six-months out from CCPA going into effect. As evidenced from the many other state initiatives emerging, data regulation is here to stay and will only gain momentum in the months to come. Those who embrace the new realities will be the companies marketing happily ever after.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.