Five years from now, we’ll look back on the enforcement of GDPR as the turning point in how we view data protection. Between the tightened definitions and enforcement under GDPR and the consumer backlash from the Cambridge Analytica data scandal, everyone is becoming more aware of what data is available for possession and how it is used.

Related Content: Three Easy Steps Toward GDPR Compliance

Because of the diligence U.S. businesses have exhibited in preparation of GDPR, we can expect to see a trickle-down effect in three key areas: we’ll see consumers demanding to be more aware of what data is being used by businesses, businesses will become stricter on their data and privacy policy enforcement, and legislatures will continue to work to better regulate the storage and sharing of personal data collected.

The United States is already seeing steps toward state legislatures enforcing how consumers’ personal data is used, with bills in committee such as the Data Broker Protection Act in Vermont and the Consent Act led by senators in Massachusetts and Connecticut. Another is taking place right now in California, proving this discussion isn’t ending any time soon.

In a survey of more than 1,000 companies conducted by the Ponemon Institute in April 2018, half of the companies reported they won’t be compliant by the May 25 deadline.

gdpr consent act

From a presentation by Gary Kibel, Partner at Davis & Gilbert LLP at the MediaPost Email Insider Summit, 2018

Another ramification of GDPR will be that personally identifiable information—which currently is articulated differently under HIPPA, COPPA, and within CAN-SPAM—will be more singularly defined and regulated, similar to how it is under GDPR.

In a survey of more than 1,000 companies conducted by the Ponemon Institute in April 2018, half of the companies reported they won’t be compliant by the May 25 deadline. When separated by industry, 60 percent of tech companies say they won’t be ready. “Companies, especially US companies, are definitely scrambling here in the last month to get themselves ready,” said Jason Straight, an attorney and chief privacy officer at United Lex.

Related Content: How To Deliver Relevance With Your Email Marketing Strategy

For now, most brands are just updating privacy policies and alerting their customers about the updates, hoping that will cover them. However, this may not be enough to ensure a brand is completely abiding by the GDPR. If a brand fails to update its privacy policy correctly, or a subscriber makes a request (to review data the brand is holding, to request it be deleted, etc.) and a brand can’t or doesn’t respond appropriately, that brand will be penalized. A brand can also be penalized if it doesn’t report a violation within the tight timeframe specified by the GDPR. Once the first major brand is hit with a violation, we’ll see other companies scrambling to fix their policies.

What to do if you’re not ready

Getting ready for the GDPR requires a lot of preparation and planning. With only a few days remaining before the deadline, there’s not a lot that can be done for businesses that aren’t yet compliant, but there are a few steps brands can take to make sure they’re on the right track:

  1. Review (again) your privacy policy to make sure there aren’t any red flags. By this point, your legal teams should have reviewed it and made any necessary updates. Make sure the updates have been communicated to your subscribers and there is a plan in place to update all links leading to it by the deadline.
  2. Check your setup to make sure that any data integrations are able to meet the deadlines imposed by GDPR for unsubscribe and deletion requests.
  3. Setup an internal plan of action to handle any potential fall-out and set up a meeting with the necessary teams for the end of June to review anything that has come up as a result of GDPR.

Everyone has their sights on the May 25 deadline, but as I mentioned, the topic of data protection is just beginning. We’ll be following the discussion and providing insights on the latest regulations, so make sure to follow us on Twitter to stay current on the data privacy conversation.

Keep In Touch

Stay up-to-date on the latest digital trends, DEG news, and upcoming events by subscribing to DEG's newsletter.


Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>