For the past year or so, organizations have worked tirelessly to ensure that they were in compliance by the time the GDPR deadline hit on May 25. Well, the date has passed, and they’re left with the question: now what?
Many were anticipating a Y2K-esque experience – that we would wake up just as we did on January 1, 2000, see that no planes had fallen from the sky or networks were irreparably damaged, and go about our lives. But now that the compliance deadline has come and gone, it’s apparent that there might be a more eventful and ongoing fallout from GDPR than we saw with the changing calendar eighteen years ago.
Immediately following the compliance deadline, large technology organizations including Facebook, Alphabet, Apple and Amazon were targeted by Europe-based advocacy groups for perceived non-compliance. One Austrian group, Noyb.eu, filed multiple complaints totaling $8.8 billion against Facebook and Alphabet; similarly, La Quadrature du Net from France filed several against the same companies along with Apple, Amazon and LinkedIn.
It’s clear from these initial reactions that there are those who seek to leverage GDPR to show their displeasure with the way some large organizations conduct business. But aside from these immediate acts of advocacy, in all likelihood, we can expect a slower stream of implications as a result of the new regulations.
As the dust settles it will become clearer that the compliance deadline is the starting point for a longer journey towards protecting user data on a global scale. As the ramifications of GDPR begin to take effect, here are a few things that can be done.
1. Anticipate the violation: Whether accidentally, incidentally or intentionally, someone somewhere is going to be in violation of GPDR (and in all likelihood, many people already are). The question is what is going to happen when that occurs? We have already seen advocacy groups attempt to target major organizations for non-compliance; most likely, it is these major companies that will bear the brunt of the regulations at least initially. Smaller organizations that hold less data or may have had less resources to immediately comply likely won’t find themselves targeted quite as drastically as the big companies that have far more resources, not to mention nearly unprecedented access to user data.
2. Think globally: GDPR may be claiming the majority of the spotlight these days, but it’s far from the only data protection regulation around the world. As GDPR is rolled out, we can expect more governments to implement data protection regulations of their own to either match GDPR or institute more regionally relevant privacy laws. These conversations are already in progress in other major markets such as the United States, and we can expect even more regulation to become commonplace as the effects of GDPR are realized.
3. Embrace the change: With businesses needing to receive expedited permission to continue data collection and communication, it’s natural that concern will be raised about the impact this will have on sales opportunities, marketing and overall interaction with customers and prospective customers. However, the reality is that the quality of communication between business and consumer can greatly increase under this new model. Any individual who chooses to opt-in to communication is almost guaranteed to be a person with interest in what your business has to offer, which will result in a much higher quality user database and more meaningful communications. Not only that, but as users increase their confidence in how their data is being handled, we can expect their trust in business as a whole to increase as well. This would be a welcome change in a time when mistrust of corporations and how they use consumers’ data feels to be at an all-time high.
Despite the long ramp-up towards the GDPR compliance deadline, the effects of the new regulations are still very much in infancy. We should expect to see many more global implications as the law continues to take effect and we look towards what comes next in this new era of data privacy.
Related: The Future of GDPR - Dead, Diluted, Detested or Accepted?