By Mayfield UK, Monday 9th July 2018
Well, we made it. GDPR came and went, and you’re still in business. No one’s suing you (at least we hope not). And by now you’re probably forgetting what all the fuss was about.
To recap, the countdown to Armageddon went a little like this:
GDPR minus twelve months: We’d better nominate a Data Protection Officer and get compliant.
GDPR minus three months: Inundated with ‘are you ready?’ and ‘you’d better be compliant’ emails.
GDPR minus one month: Lawyers instructed, Privacy Statements written and policies updated.
GDPR minus one week: Hundreds of emails with the, ‘click to ‘opt in’ to continue to receive our newsletters before GDPR’ from organisations we had never heard from and certainly didn’t sign up to. This new regulation could really help keep our inboxes tidy…
GDPR minus one day: The hordes of spam Hell are unleashed! https://www.theguardian.com/technology/2018/may/24/last-minute-frenzy-of-gdpr-emails-unleashes-torrent-of-spam-and-memes
GDPR Day: Eerie silence. Nobody suing me, nobody wanting to be ‘forgotten’. No spam! Win.
GDPR plus one day: Spoke too soon. Emails continue from marketing companies wanting to know if I want to buy smoking shelters, sell the business, recruit a talented residential estate agent, replace my double glazing or save £££s on a new photocopier.
Perhaps we’re overstating it. But, judging by the state of our inboxes, little has changed. The spammers found a way. That shouldn’t surprise us - like the common cold, they mutate and adapt.
We all know that GDPR is essentially a good thing. You don’t have to subvert an election to know that data can be misused. We at Mayfield did what we needed. We took the regulations seriously, and made sure we implemented them properly. Probably you did to.
We’re not denying it was a lot of hassle. But a lot of the hassle was self-inflicted. According to these people [https://www.superoffice.com/blog/gdpr/] 97% of businesses weren’t ready for GDPR. This lack of preparedness showed. Too many companies misinterpreted the new legislation and wound up doing stuff they didn’t need to – like cancel their newsletters, or mail out fresh consent forms for everything.
Some websites disappeared, or at least went dark while their owners surveyed the new landscape. Other sites were stripped back completely. A couple of weeks on, it’s tempting to see these as over-reactions.
But we’re not out of the Data Protection woods yet. GDPR is something new and unprecedented, and its effects have yet to be fully realised. Just ask Matt Brittin, Google’s EMEA boss. Brittin has admitted that Google is still working out the legislation’s full implications. Warning of a ‘bumpy road to compliance’ Brittin said: “It’s very well intentioned, but a lot of the detail of the regulation came through very late,” he said. “All of us have been rushing to make sense of it and define how we deal with it.”
As Ben Rothke notes https://www.csoonline.com/article/3283235/privacy/it-was-35-days-to-gdpr-and-a-lot-of-sleepless-nights.html the question of what constitutes ‘in-scope data’ remains ambiguous. If long-term complications arise, it’ll probably be over this question…
Our two cents? We’re prepared for anything. But we’re also cautiously optimistic.
The privacy law floodgates haven’t opened (at least not yet). And, barring the occasional multi-billion-dollar lawsuit (https://www.theverge.com/2018/5/25/17393766/facebook-google-gdpr-lawsuit-max-schrems-europe), things don’t look too different.
Perhaps, when the dust finally settles, we’ll be surprised at how little has actually changed. Your website will look much the same, your mailing list won’t be any shorter, and your inbox will still be full of spam.