GDPR came into effect exactly one month ago today (at the time of writing). The build up to the date increased in intensity with a fervour I hadn’t seen since the countdown to the millennium and the collective fear of the Y2K bug. Of Course, unlike Y2K, GDPR and the potential prosecutions and fines are very real. From an organisational standpoint, we’ve worked tirelessly to make sure that, as an agency who handles every conceivable type of data (see our GDPR broadcast to learn some eye-opening facts about GDPR and video!) we are ready to protect our data subjects and data owners.
In this blog I’m more interested in understanding if GDPR has had much impact on me as a data subject. Am I Spam free? Has my inbox become a beacon of clarity? Is my data self now guarded by a digital iron fist? As far as I can tell, not so much.
The quiet before the storm
That’s how the saying goes, right? Of course, the run up to the implementation of GDPR was the complete opposite. Our inboxes were suffocated by a slew of spam at levels never before seen. Biblical style predictions of the end of entire industries abounded, companies were deleting entire databasesand confidence was rocked in how our data is managed with the Facebook and Cambridge Analytica scandal.
It seemed that GDPR was poised to herald a new dawn in consumer control of their data and a move towards a more open and understood internet where control of our most valuable commodity which effectively pays for all the services we love online (data) was back in our hands.
The Prosecution doesn’t rest
Some areas of GDPR didn’t provide huge clarity around exactly what would constitute a breach. Internally we saw a few comparisons with another piece of legislation which dominated the headlines back in 2010. The Bribery Act. It took six years before the Crown Prosecution Service got their first conviction under the bribery act but GDPR promised to be different as the potential for fines and the people who could seek recompense vastly outstripped the scope of the aforementioned legislation. Prior to GDPR and straight out of the pages of Chris Morris’s satirical notebook, it was the CPS themselves who fell foul of the old DPA legislation and receive a hefty fine for leaving sensitive videos on a reception desk, including data about vulnerable children.
We have also seen the prosecution of an individual under GDPR, not just an organisation, as a charity worker was personally prosecuted for his part in a data breach. Confidence in the Ad tech market also took a significant hit as spend in the EU plummeted as brands chose to err on the side of caution rather than be headline news themselves.