After nearly seven years in the making, GDPR finally becomes law today (May 25) but even those companies which have met the deadline – likely to be in the minority – have been warned that it is not just a “one-off adjustment”, the new regulation requires a complete change in behaviour over how personal data is used.
However, even now misinformation is widespread. Last night’s BBC News at Ten included a report which claimed that every organisation needs to appoint a data protection officer, while earlier in the week the Financial Times reported that organisations must obtain explicit consent to use and retain data.
Deputy Information Commissioner Steve Wood told Decision Marketing: “May 25 is not the end, it is the beginning, and the important thing is that organisations take concrete steps to implement their new responsibilities – to better protect customer data. There isn’t a deadline in the sense that if organisations aren’t compliant by today, then they’ve missed their chance.
“We recognise that most businesses want to get this right and we will always look to educate, engage and encourage. We’ll continue to support organisations in the run up to and after the new law takes effect and we’re adding to these resources all the time, so keep your eye on our GDPR resources pages on our website.”
REaD Group chief executive Jon Cano-Lopez insists that businesses should be welcoming the regulation with open arms. “Easier said than done? Maybe, but those of us with data and consumer interests at our heart have been working extremely hard to reach the high-level benchmark that GDPR demands.
“However, clearly not all companies will be 100% ready by today. But as long as they have applied everything that is reasonable and they are moving in the right direction, it’s unlikely that the ICO will knock on the door on Tuesday and ask them to prove 100% compliance. Equally, those that have had their heads deep in the sand (and there are many!) to avoid the approaching change had better look out, as they have already had two years and time is up.”
Cano-Lopez reckons that assuming a business has taken the right steps and can demonstrate responsibility, new levels of transparency and is not doing anything with data that “feels wrong”, they should apply the “keep calm and carry on” method.
But he adds: “GDPR is not about today. It’s about every subsequent day. It’s not a one-off adjustment – it requires a complete change in behaviour. A change to a more responsible world of data and a consumer that is more positively disposed and trusting.”
Blueberry Wave director of planning and analysis Steve Mattey agrees: “Businesses need to seriously take note that this is beginning of the new age of personal data, not the end. It has felt like a race to get to May 25 for many. But it isn’t. This fundamentally has to change the way that brands behave with their customers – now.
“I need not remind anyone that personal data is big news. Brands have to work really hard to get and keep that right to it. Trust, transparency and honesty are three words it’s easy for me to say, but really hard for brands to deliver. Yet deliver they must or else the new data-savvy and legally-aware consumer will say ‘no more’ really quickly. Those brands not up for this challenge will be consigned to the trash bin both on my desktop and commercially.”
For Wilmington Millennium director Karen Pritchard today also marks the beginning of a new era. She said: “There has been much scaremongering from people that should know better about how GDPR was going to kill off the direct marketing industry. However, we’ve been through similar issues before and what happens is that the industry responds by cleaning up its act.
“This is merely another shakeout where we will see practitioners of disrepute disappear. This can only be a good thing. Already we’ve seen a marked difference following the ICO’s crackdown on telemarketing and GDPR will mean that moving forwards organisations will be forced to treat their customer data like the valuable asset it actually is.”
And W8Data managing director Will Anthes believes that companies are already showing signs of change. “Six months ago our research revealed that only a third of customer data complied with GDPR. However, with the flurry of repermissioning campaigns we’ve seen over the past few weeks we now believe that this is closer to two thirds. This means that organisations have not lost the swathes of customers that many feared would be the case.
“The next few months will be about brands managing their customer data efficiently and ensuring that it is as clean and up to date as possible.”
One day until GDPR D-Day: ‘Daily Mail helped charities’
One day until GDPR D-Day: Non-EU countries want laws
Two days until GDPR D-Day: Microsoft spanks Facebook
Two days until GDPR D-Day: Two-thirds to ditch brands
Facebook displays ‘contempt’ with Zuckerberg no-show
Three days until GDPR D-Day: Three top tips from ICO
Four days until GDPR D-Day: Public happy to share data
Four days until GDPR D-Day: Only seven EU states ready
Seven days until GDPR D-Day: Firms still floundering
MPs ‘as clear as mud’ about how to comply with GDPR
‘Inadequate’ Data Protection Bill is ‘already out of date’
Parish councils win reprieve as ICO gets more powers
New laws threaten online ‘havoc’