our views and our knowledge in analytics and other releveant topics

our blogs

A year on from GDPR - what's next?


25 May 2018. A date that’s permanently ingrained in the memory of marketers. This date, of course, marked the beginning of GDPR, a major shift in the world of data privacy. And what happened? Well, it wasn’t the end of the world! However, we have seen a clear shift in how data is collected and processed. Additionally, there has been a fundamental change in attitudes towards how freely individuals hand out access to their personal data.

For a couple of years leading up to the 25 May 2018, companies were warned of the potentially huge fines for non-compliance and whilst there have been a number of substantial fines, it still feels like now we’re a year into the regulation, we’re just getting to the end of a “settling in” period with a long way still to go for data privacy regulations.

So, where are we heading next? This article takes a look at what the future of data privacy regulations might look like and the impact that will have on attitudes towards the use personal data in marketing.

The fines

Although there have already been around 100 GDPR related fines in total and over 200,000 reports of breaches, data regulators have warned that the first year of GDPR is just a “transition period” and as we move into the regulation’s second year, there will be a greater number of cases publicised.

We are also likely to see more synchronicity in fines moving forward. Currently, maximum fines are defined as up to" €20m or 4 percent of annual turnover” but have varied quite significantly across different country’s data regulators. The UK’s Information Commissioner's Office has revealed that regulators across Europe are working to establish a framework for calculating fines.

Digital rights

Consumer awareness around personal data privacy is continuing to grow. Following the implementation of GDPR, attitudes towards personal data are shifting. Individuals are now much more aware of how valuable their data is.

This is set to continue. Based on European Commission research, almost three quarters of citizens are aware of GDPR and the rights it gives them. However, regulators are still concerned with how many people are reading privacy statements to understand their digital rights. It has been reported that just over half of people read privacy statements and only around 10% read them fully. This is because the statements are too long or hard to understand. It’s predicted that this will lead to a greater focus on how organisations outline their policies. For example, regulators have suggested that to fully ensure compliance, organisations should ensure that statements are concise and transparent.

The opportunities

Much of the coverage in the run up to 25 May 2018 surrounded the risks and challenges posed by GDPR. However, there was a different, and unexpected, perspective to GDPR that most people didn’t consider. GDPR actually had (and still has) the potential to be an opportunity, particularly for marketers

GDPR gave businesses the opportunity to redefine how they collect and process data, which, I believe has led to greater trust and transparency and as a result allowed businesses to deepen their relationship with customers. They now have the opportunity to place much more focus on customer engagement and to provide more relevant and personalised content to customers.

Cookie crackdown

Now that GDPR has been in force for a year, people are expecting regulators to get much tougher. But now, it’s not just GDPR that we need to consider. There are new regulations on the way set to change the data privacy landscape even further. It’s looking like what’s coming will be even stricter.

Down the line, we’re awaiting the enforcement of the updated Privacy and Electronic Communications Regulations (PECR2). GDPR was designed to protect an individual’s data, whereas the aim of PECR is to protect an individual during every stage of online interaction. This will have a huge impact on business’s use of cookies and what they can be used for. We expect that some cookies will become almost impossible to use, such as cross domain tracking cookies. This will lead to a lot of changes in technology surrounding web tracking. We’re already seeing advertisers adapt, experimenting with privacy first solutions that aren’t based off of cookies.

Conclusion - are you compliant?

2018 brought in a huge shift in regulations around personal data and privacy and it’s clear that more changes are coming, both in terms of new regulations themselves and, as a result, changes in consumer attitude. So, even a year on from the onset of GDPR, the question still remains: are you compliant? 

To mitigate the risks and benefit from the opportunities explored in this article, you need to ensure that you have a comprehensive data strategy as well as a strong collaborative approach from all of your organisation’s stakeholders. Whilst it may be true that individuals are increasingly becoming more responsible for their own data, it is vital that, in order to avoid huge consequences, organisations protect that data and act responsibly when they collect, process, and track it.

BlogsJack AaronGDPR