One year in, are you a GDPR or a GDPR-nt’?

One year in, are you a GDPR or a GDPR-nt’?

Christian Sharp

Christian Sharp

It’s a year today since the GDPR regulations came into operation, but it probably feels like longer to most marketers.

What’s changed? Well, according to the news, there’s been €55m of fines delivered across Europe, although this includes a chunky €50m for Google’s ad personalisation misconduct.

In the UK, there haven’t been any fines to date, although an enforcement letter has been delivered to a firm in Canada. A menagerie of fines and further letters can be seen on the ICO’s website, but most of them – including a £385,000 fine to Uber – are under the ‘new’ Data Protection Act rather than the GDPR.

Of course, GDPR has made everyone more aware of data protection regulations, whether they want to be or not. And perhaps more importantly, it’s raised awareness of how data flows around the organisation, how much of it there is and the importance of taking care of people’s data, especially within protected categories.

In the last year, we saw a vast number of vendors roll out solutions; some of which were user-friendly and many that were not. The fifty-one different comments on our blog post ‘reconsenting Mailchimp lists ahead of GDPR’ showed not only confusion around how to handle mailing lists, but also how last-minute Mailchimp’s own guidance was. One of the major things we learnt was how broad a base for data processing ‘legitimate interest’ is – and if we’d known this ahead of GDPR, our blog post would have looked a lot different!

Overall, our analysis of GDPR’s intent was ‘handle data responsibly’ and that’s a firm, fair and necessary mission. Knee-jerk deletions of consumer data were almost certainly unnecessary but completely understandable, given the size of the fines. One of our overall feelings about the handling of GDPR was that it uncomfortably straddled a few roles: many of those responsible were marketers with limited support and a limited grasp of regulations, however well they’d handled PECR in the past.

That said, the fact that no UK fines have been given out is either a sign that most British organisations handled the regulations responsibly – or that the mammoth amount of administration and organisational re-architecting is still a work in progress. Right now, no news is good news – although time will tell.

Share this story:

Read more from the blog

Blog

Does cybersecurity have a comms problem?

Cybersecurity is crucial in today's world. However, many people still struggle to understand what it involves - is poor comms to blame? ...Read more

Alexandra Kourakis
Alexandra Kourakis
Blog

Avoiding the pitfalls of impulsive PR

While it is tempting to be part of the hottest media topics of the day, businesses should be wary of getting involved in conversations they really shouldn’t be ...Read more

Matthew Healey
Matthew Healey
Uncategorised

Setting Sail: Navigating the Business Seas with Reputation

In the vast and often turbulent waters of the business world, organisations must navigate through ever-changing currents, unpredictable storms, and shifting tides. ...Read more

Selina Jardim
Selina Jardim

Add a comment

Time limit exceeded. Please complete the captcha once again.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Is it time to shape your reputation?

We operate in London, Paris and Munich, and have a network of like-minded partners across the globe.

Get in touch

Sign up to Spark, our newsletter

Receive thought pieces from our leadership team, views on the news, tool of the month and light relief for comms folk

You can unsubscribe at any time, please read our privacy policy for more information