It is almost a year since the new EU-wide GDPR (General Data Protection Regulations) legislation was introduced and so far approaching 60,000 breaches by companies have been reported across Europe.
The UK, the Netherlands and Germany have reported the most, ranging from minor errors such as missent emails to major cyber hacks.
In the UK the ICO (Information Commissioner’s Office) oversees and takes action on GDPR breaches and has powers to impose massive fines for those found guilty.
In a speech in New Zealand the UK’s ICO commissioner Elizabeth Denham revealed that in the first six months of the new law her office was seeing “More complaints from the public – from 9,000 to 19,000 in a comparable six month period. Complaints about subject access, data portability and data security. All of our front line services have jumped by at least 100%. More breach reports – over 8,000 since the end of May when it became mandatory in some high risk circumstances”.
Where has GDPR had most impact?
GDPR has certainly made the job of marketers and advertisers more difficult, not only in how they go about promoting products and services on behalf of their clients but also in collecting and analysing the results.
Facebook and Google (the two largest digital ad platforms) changed their rules to make themselves GDPR-compliant. They ended support for third-party audience technology and prevented marketers from exporting data. LinkedIn on the other hand still allows data to be downloaded.
In fact, in January in France, Google was hit by a €50m fine by its regulator for “lack of transparency, inadequate information and lack of valid consent regarding ads personalisation”.
In the UK in March the ICO fined Vote Leave Limited £40,000 for sending out thousands of unsolicited text messages in the run up to the 2016 EU referendum. It also fined a Kent-based pensions advice company £40,000 for being responsible for sending nearly two million direct marketing emails without consent.
From personal experience, the volume of unsolicited marketing calls has diminished noticeably and it is rare nowadays to visit a website that does not immediately advise visitors in a pop up of its cookie policy on information gathering and offer the option to manage or opt out altogether.
Despite the reduction in marketing emails and texts the volume of unsolicited telephone calls seems to continue, but most seem to come from abroad while purporting to be via BT.
While all this clearly means that UK advertisers and marketers may have to come up with more innovative methods it is surely a welcome relief to be pestered less frequently.