Before the GDPR came into force on May 25th 2018, Data Protection was something that was often treated as an added extra to a business’ offering. Prior to the new law, information had been gained through implicit consent. Users were not aware of where and how their data was used and receiving e-mails from websites you had merely looked at was commonplace.
Although the GDPR was a long time coming – 7 years in the making – businesses still felt flustered when May 2018 came around. Many initiatives for compliance were last minute and most organisations focused on re-permissioning e-mails which lead to a dramatic drop in database volumes. However, this mass opt-out on day 1 was beneficial in clearing out databases of passive users, leading to a more engaged audience who are happy to receive marketing e-mails from specific brands. In theory we should now see e-mail conversion rates skyrocket.
Some organisations saw the GDPR as a similar deadline to the Y2K panic. Yet, the GDPR is not something that was going to simply go away after the deadline, it is something that needs to be worked on daily in all organisations to maintain compliance and accountability.
An Unlimited Group study compiled by Nick Chiarelli (Head of Trends, Unlimited Group) and Stephen Welch (Joint MD, Realise Unlimited), found that 92% of organisations surveyed claimed a level of confidence in demonstrating their ability to conform to GDPR in the long-term, although 35% are concerned that they don’t have sufficient resources to sustain their compliance. Finding the right people to do the work has been a challenge for most organisations and now privacy professionals are sought after more than ever before.
The first year of the GDPR in the public eye has been largely focused on fines. The ICO is misunderstood here, they don’t wish to go in and fine a business. They have a pragmatic response and want to help companies and encourage them to fix the problem rather than hit them with an initial large fine. The Information Commissioner, Elizabeth Denham noted that, “last May marked a seismic shift in privacy and information rights”. The ICO know it’s a big change and want to help pull businesses through. It’s important for businesses to trust the ICO and see them as helpful and not a hindrance as the GDPR enters its second year.
The same survey looked at public understanding of the GDPR a year on and found that public comprehension is, “ok but could be better”.
The study also shows that GDPR awareness is high in 2019 with 78% of the public knowing about / having heard of the new data protection law. In terms of age demographics, the highest with awareness is 45-54 with 82% of that age range being conscious of the GDPR.