GDPR – two months in, how are businesses coping?
How is GDPR affecting businesses? Are companies struggling to keep up? What impact have the regulations had on digital services? Paul Reader, Berry & Lamberts Managing Partner and head of dispute resolution takes a look
Struggling to cope with data requests
With the introduction of GDPR, businesses have found themselves struggling to keep up with a large increase in data requests being filed. Businesses such as Facebook, Netflix, and Marriott are reportedly overwhelmed by the incredible number of requests they’re faced with, and the administrative burden is thought to be huge. This situation is exacerbated by the concerted efforts of online privacy activists, who are creating apps and websites that make it easier to file a request. The Cambridge Analytica scandal has also thrown a serious amount of fuel on the fire and encouraged greater quantities of people to challenge big businesses’ data collection practices.
Businesses are struggling to locate and identify all the personal data that they’ve retained over the years. All parts of a business collect customer data, meaning that the information harvested is often siloed and stored throughout the organisation in different places and ways. Retrieving this data is proving extremely expensive. Realistically the impact on SME’s is a lot smaller.
Frantic marketing messages
As you’ve probably noticed, marketing departments have been hit hard by GDPR and are frantically attempting to contact their customers in an effort to update their consent agreements. Email inboxes have been flooded with messages requesting users renew their consent to be contacted, and businesses are concerned that their marketing base could be drastically reduced by new GDPR regulations.
Slim pickings from some companies
Some businesses have decided to reduce their exposure to potential GDPR punishments altogether by temporarily suspending services or cutting back the products they offer. For instance, USA Today are offering European online readers a heavily edited, ad-free version of their content, while the LA Times and Chicago Tribune online experiences are now unavailable to European users.
This approach is predominately being followed by organisations operating outside of the EU, who may not have been as prepared for the introduction of GDPR as their European counterparts. The ‘not worth the risk’ approach demonstrates just how seriously organisations are taking GDPR and the financial penalties.
Loss of important records
A number of organisations were also forced to delete important customer data before and after the GDPR deadline, to ensure that they didn’t fall foul of the regulations. The TV and movie review app, Stardust, deleted all EU-based users’ records, as did unroll.me – an email filter app. However, it is worth noting that the vast majority of organisations taking these drastic steps are smaller businesses that simply didn’t have the resources to prepare for GDPR or who are unable to build new systems that comply with the regulations.
The GDPR awareness effect
The introduction of GDPR seems to have had an impact on public awareness of digital privacy issues. This has affected those organisations that have developed a business model orientated towards personal data collection.
On the other hand, many businesses now have qualified lists of interested clients and have reduced time and cost wastage of marketing to those who are uninterested.
The contents of this article are for the purposes of general awareness only. They do not purport to constitute legal or professional advice. The law may have changed since this article was published. Readers should not act on the basis of the information included and should take appropriate professional advice upon their own particular circumstances.