Thoughts on GDPR’s 1st birthday
Can you believe GDPR is now one year old? Even though 12 months is a long time in digital marketing, I’m sure you remember the many news articles and headlines in the run-up to 28 May 2018. In particular, the huge penalties (up to EUR 20 million or 4% of annual turnover).
Since the EU regulation was enacted, it’s true there have been multi-million-euro fines totalling EUR56 million. However, most of that is from one case: Google. They were fined EUR50 million by the French regulator CNIL, for “lack of transparency, inadequate information and lack of valid consent regarding ads personalisation“.
Another way GDPR was expected to have a big impact was around emails and spam. I remember (maybe you do too) before 28 May receiving many emails from companies asking me to opt-in to continue receiving emails from them. While you may not always need opt-in if you’re sending emails under ‘legitimate consent’, this was seen as a way to reassure recipients around data privacy and protection.
While it’s still early days to know the full impact of this, I managed to find some online data from the EU. This overview (pdf) says there were 94,622 complaints from 31 EEA countries over nine months. I couldn’t find anything that focused just on the Nordic countries, although according to GDPR Today, Sweden was responsible for just 2,427 of those complaints.
Does this mean GDPR hasn’t had the transformative impact many expected? Not at all. GDPR is a great opportunity to transform your customer experience. Improving databases can only be a good thing for the future of email marketing. Consumers get less spam, while marketers are more likely to reach audiences who are engaged.
Plus, for companies seeking to expand internationally, GDPR could be a catalyst for aligning data privacy on a global scale. Non-EU companies now have to comply if they have data on EU citizens, and countries such as China and Singapore have enacted their own data protection regulations.
For consumers, businesses and companies, so far GDPR appears to be a win-win situation. What do you think?