This is not going to be an overview of the entire effects of the Regulations, but mainly how the provisions have affected email marketing. Many suggested, during the prolonged gestation of the GDPR, that the compromises forced on the regulators would ensure that it would be toothless and unfocused. Has this turned out to be true?
The Regulations are not perfect. I doubt anyone expected them to be but, and it is a significant but, they have proved reasonably effective when enforced by enthusiastic and skilful Data Protection Agencies. We have had eye-watering fines imposed by some DPAs while others, even those policing a significant number of massive international companies with massive data, have had few to none. The imbalance is might not confidence inspiring.
It would appear that the opponents of the GDPR are seeking to change the provisions, and some might say water them down. It was not unexpected. However, two years is too short a time to identify where modification is essential and where it could prove useful. Some have suggested that the many, well-advertised, enforcements of the Regulations have hit consumer confidence while others, particularly those belonging to email marketing lists, have been reassured by the severity of the penalties.
Just over a year ago the ICO announced it was seeking to impose fines on two companies totalling in excess of EU 300 million. The data breaches which gave rise to these penalties, particularly that pertaining to British Airways which leaked the personal data of approximately half a million customers, was the source of considerable negative publicity regarding data security. The fine, although the amount is not yet settled as it seems the impacts of Covid-19 will be taken into consideration, was reassuring. Someone in authority was treating it seriously.
For those of us involved in email marketing, the fact that the regulations are harmonised across the EU has got to be a good thing, if only for the sake of costs. It doesn’t take a lot to imagine the workload of fragmented regulations. Of course, that does not take into account the problems with the USA, with its independent states doing their own thing. Safe Harbor was largely derided, except by the Americans of course. California’s Consumer Privacy Act has gone a long way to pressurise Congress, although not enough, it seems, to act.
It is probable that we will experience our own particular problems once Brexit is finalised as there may well be conflict between the GDPR and regulations in other countries. Something to look forward to there. That’s not to ignore the fact that a number of EU states have their own interpretation of the Regulations, and these are not helpful. Many suggest that the GDPR is a work in progress and few would disagree.
It seems probable that the GDPR has, despite prediction, encouraged a certain degree of confidence in the regulations by the public at large. People still seem willing to share their personal data on email marketing lists. It is up to us to ensure that their faith is well placed.