GDPR: So what happens next?
GDPR comes into force today. Paul Snell offers his thoughts on how we got here, and what'll happen now
It’s finally here, after an excruciating wait, bucket loads of hype and many a sleepless night.
And, oh yeah, and a little thing called GDPR is coming into force too.
You’ve probably been wading through a slew of emails begging you to opt into comms that you never even realised you signed up to, or informing you of changes to the terms and conditions of a service you’ve never used. Although I’m sure that number is fewer than the number of emails and press releases I’ve had in the past week offering me articles and news stories from experts on what GDPR means for marketers.
(Thanks guys, where were these experts 12 months ago when people like us actually needed advice on what to do?)
Among the tidbits I’ve been treated to in the past week are that GDPR is a hotter search trend than Beyoncé, that two-thirds of individuals intend to have a spring-clean of the firms that hold their data, and that companies selling data to third-parties without consent is only a bugbear for less than half of people.
However, I have noticed a surge of positive sentiment from individuals, anecdotally at least, delighted that they won’t be receiving emails from companies they never wanted to in the first place.
Confusion is still king
The spurious nature of the EU’s “two-year” implementation period is highlighted when the regulator only publishes its guidance on consent a mere 16 days before the legislation is scheduled to come in.
Perhaps this has contributed to the confusion that even MPs and their staff don’t really know what GDPR means. According to this piece, MPs staff have been told they can’t keep information of constituents’ case work that have been completed. It highlights the conflicting advice on offer. And if our lawmakers can’t even find the right source of information, what hope is there for the rest of us?
But this situation isn’t unprecedented, as whenever such sweeping (and poorly drafted) legislation comes into force, companies just have to make their best endeavours. I reported on the introduction of the Bribery Act a few years ago which inspired similar levels of angst among my readership at the time, only for a panicked press release from the government to arrive on the day of implementation that it wasn’t the intention of the new law to prohibit corporate hospitality, which was exactly what the letter of the law had suggested for the previous two years.
I’ve always said it’s difficult to anticipate the approach of the regulator, but it’s been reassuring it says it doesn’t want to bring the hammer down straight away – although that shouldn’t be seen as an invitation to take it easy on the implementation.
We probably won’t know really know how it all shakes out until the first enforcement action is taken. But let’s just hope we don’t end up as those necessary test cases.
Far from signalling the end of marketing, GDPR should be seen as an opportunity to rethink your marketing strategy and reposition the function as a source of genuine competitive advantage.