Five years from now, we’ll look back on the enforcement of GDPR as the turning point in how we view data protection. Between the tightened definitions and enforcement under GDPR and the consumer backlash from the Cambridge Analytica data scandal, everyone is becoming more aware of what data is available for possession and how it is used.
Related Content: Three Easy Steps Toward GDPR Compliance
The United States is already seeing steps toward state legislatures enforcing how consumers’ personal data is used, with bills in committee such as the Data Broker Protection Act in Vermont and the Consent Act led by senators in Massachusetts and Connecticut. Another is taking place right now in California, proving this discussion isn’t ending any time soon.
In a survey of more than 1,000 companies conducted by the Ponemon Institute in April 2018, half of the companies reported they won’t be compliant by the May 25 deadline.
Another ramification of GDPR will be that personally identifiable information—which currently is articulated differently under HIPPA, COPPA, and within CAN-SPAM—will be more singularly defined and regulated, similar to how it is under GDPR.
In a survey of more than 1,000 companies conducted by the Ponemon Institute in April 2018, half of the companies reported they won’t be compliant by the May 25 deadline. When separated by industry, 60 percent of tech companies say they won’t be ready. “Companies, especially US companies, are definitely scrambling here in the last month to get themselves ready,” said Jason Straight, an attorney and chief privacy officer at United Lex.
Related Content: How To Deliver Relevance With Your Email Marketing Strategy
What to do if you’re not ready
Getting ready for the GDPR requires a lot of preparation and planning. With only a few days remaining before the deadline, there’s not a lot that can be done for businesses that aren’t yet compliant, but there are a few steps brands can take to make sure they’re on the right track:
- Check your setup to make sure that any data integrations are able to meet the deadlines imposed by GDPR for unsubscribe and deletion requests.
- Setup an internal plan of action to handle any potential fall-out and set up a meeting with the necessary teams for the end of June to review anything that has come up as a result of GDPR.
Everyone has their sights on the May 25 deadline, but as I mentioned, the topic of data protection is just beginning. We’ll be following the discussion and providing insights on the latest regulations, so make sure to follow us on Twitter to stay current on the data privacy conversation.