Remember the disaster that was the millennium bug?
No?
That’s because one of the most hyped and feared events in technology history amounted to… absolutely nothing. Zilch. Aeroplanes didn’t fall out of the sky, the internet didn’t disappear and nuclear missiles weren’t inadvertently sent skywards.
The introduction of the new GDPR rules on 25th May 2018 had a similar ring to it. Leading up to the launch of the biggest change to data protection legislation in living memory, there was scaremongering aplenty and a whole raft of so-called experts touting their wares and charging businesses a small fortune for helping with compliance.
We all know what happened on GDPR Day, because it will have impacted anyone with an email inbox.
A week or so leading up to the 25th May, the emails started flooding in. They were relentless, confusing and seemingly devoid of obvious calls-to-action. Poorly written and hurried out of the door, they did nothing more than confirm that even the biggest companies on the planet had left things rather too late.
“Re-subscribe to our email list!”, “Our privacy policy has changed!” - it all became rather tiresome.
Similarly, our favourite websites began hitting us with obtrusive, poorly designed and word-heavy pop-ups asking for our cookie consent and explicit desire to carry on browsing. It seemed that even agreeing to these new rules had little effect; the boxes would simply reappear on the next visit.
And then, it all stopped. The emails receded, and the websites began behaving themselves again.
So… did anyone get it right?
Amongst the dreadful examples of rushed GDPR compliance, there were some gems. The businesses that took their time and sought the best advice managed to create GDPR campaigns that started much earlier than the week leading up to the legislation’s introduction.
So smart were these businesses, in fact, that you probably won’t have noticed. They’ll have emailed you months ago asking for confirmation that you’d like to receive emails from them, and because the GDPR was far from the headlines at that stage (the media are just as guilty of being last minute with this stuff), you’ll have happily complied.
It’s these same businesses that will have invested time and some much-needed expense in their websites to ensure all contact forms, data collection and back-end access was ready for the new rules. And users won’t have known a thing about it; they’d simply have continued happily on their digital journey.
Now the dust (or what there was of it) has settled, what can we expect from the GDPR in the immediate future?
I think there’s five key things we’ll need to keep in mind:
1. There won’t be any big fines - yet
GDPR fines are massive - 4% of global turnover or ¢20million - but such powers are unlikely to be exercised early on. At this stage, they’re more carrot than stick.
2. The task isn’t ‘done’
Even if you were one of the smart businesses who got GDPR compliance right, this is an on-going strategy that needs to sit at the heart of your business and develop as you grow.
3. There will be a period of adjustment
This applies to both businesses and consumers; the GDPR is a significant change to data law, and will likely be evaluated and evolve over time.
4. Some won’t keep their promises
You know all of those privacy policies you agreed to and email lists you opted out of? Don’t expect them all to come good on their word…
5. There won’t be a reduction in cyber crime
The GDPR is designed to protect our personal data, but it won’t deter cyber criminals; that task is much wider and more far reaching than legislation change. Don’t let down your guard!
The GDPR is good for all of us, and I salute you if your business adopted it pragmatically.
This is a journey that has only just begun, but one that will only realise its intentions if we all embrace it fully - and sensibly
Web Design Northampton by New Edge
Ⓒ Copyright Pete Halsey
