Happy Birthday GDPR

How is our new data protection policy performing one year on?

One year ago (give or take a few days), GDPR came into effect. After months of uncertainty, scaremongering, privacy policy updates, opting in and unsubscribing, May 25th, 2018 came and went just as peacefully as our newly emptied inboxes. Bliss.

On the eve of GDPR’s first birthday, how is the policy actually performing? What progress has been made, and is our data actually any safer than it was before? How have our attitudes towards safeguarding personal data changed?

What kind of impact has GDPR had so far?

While earth-shattering fines to the tune of €20 million have yet to emerge, it’s fair to say that GDPR has made mixed progress in its first year. Incident and data breach reports to regulators across Europe have shot up, with the Netherlands, Germany and the UK being notified the most out of any country. According to a study by DLA Piper, 59,000 personal data breaches have been logged with regulators – ranging from unwanted marketing complaints to major, front page cyberattacks.  To date, 91 cases have resulted in fines under GDPR policy, totalling €55.96m (a whopping €50m of which goes to Google).

Despite Google’s large fine, it’s clear that the GDPR has a long way to go when it comes to imposing fines upon other companies and organisations. But as regulators bring work through their backlogs and define how they will enforce the new regulations going forward, we’re sure to see more and more fines, sanctions and scandals as time goes on.

One thing is for sure, however: GDPR has succeeded in increasing awareness of data safety amongst employers, marketers and individuals. Faced with the possibility of large sanctions, loss of reputation, hacks and attacks, turning a blind eye to reckless practices and data breaches is no longer an option – both in the eyes of the ICO and the general public.

Is our data any safer under GDPR than it was before?

The GDPR has been crucial in setting the standard for data security in our time. As well as establishing a more comprehensive, modern definition of what constitutes personal data and how to best protect it, GDPR has been responsible for a global shift in attitudes towards protecting our own data as a form of currency. As a culture, we’ve never been more aware of the damaging effects a breach can have on our own lives: from hackers accessing our credit card and billing information, to the chronic mishandling of user data by Facebook, data insecurity is an unpleasant reality for many of us nowadays.

This reality is reflected in new research commissioned by Marketing Week, which reveals the extent of consumers’ disillusionment with companies and brands. 40% of those surveyed don’t think companies care if they breach data laws, whilst a new report from IDEX Biometries Asa contends that UK consumers believe GDPR has failed to protect them and hasn’t been taken seriously enough by businesses.

What does this mean for brands?

All this amounts to a big job for brands who – like everyone else – rely on a steady influx of intelligent customer data to feed and inform their business. Faced with consumers’ pessimistic outlook (17% of consumers believe their relationship with companies has worsened since GDPR came into effect), how can brands build back meaningful trust with their audiences?

Consumers now demand transparency and authenticity from companies, a trend backed up by numbers: 93% of consumers are aware of GDPR, and 48% understand their rights about how their personal data is used by brands. Consumers are clearly more empowered when it comes to safeguarding their own data and are savvier than ever when choosing to entrust a brand with it (and even more keen to dump one who uses and abuses it).

Companies who continue to actively prioritise the safety of their customers’ personal data and work to empower the user to make decisions on how their data is used are sure to benefit. In fact, 37% of those surveyed say they spend more money with brands who adopt this ethos in their marketing and communications.

Marketers, designers and business owners should prioritise transparency and respect for the individual across their communications and touchpoints if they’re to thrive post-GDPR. Beyond the nitty-gritty of internal data security policies, brands should demonstrate to consumers just how they use their personal data and empower them to make informed choices to shape their own brand experience – not the other way around.

Sources:

https://slate.com/technology/2019/03/gdpr-one-year-anniversary-breach-notification-fines.html

https://iapp.org/media/pdf/resource_center/GDPR_Anniversary_Infographic_2019.pdf

https://www.dlapiper.com/en/uk/insights/publications/2019/01/gdpr-data-breach-survey/

https://humanebydesign.com/principles/transparent/

https://thehill.com/opinion/technology/443103-what-gdprs-first-year-says-about-data-privacy-regulation

https://www.itproportal.com/news/uk-consumers-dont-think-gdpr-has-worked/

https://humanebydesign.com