While businesses had years to prepare for the GDPR, most of them are still working on compliance even after the regulation came into effect on May 25th. According to a survey by Trust Arc, over a quarter of companies (27%) haven't even begun the process of making themselves GDPR-compliant. Only 20% of the businesses consider themselves fully ready, while the rest are at different stages of GDPR adoption.
These numbers might be far from perfect, but they are a vast improvement over the last year's survey results. In 2017 only 38% of the companies were working on GDPR compliance in the US (37% in the UK). What's more important, nearly three-quarters of the respondents hope to be compliant by the end of 2018. In another year, 93% expect to meet the requirements of the GDPR fully.
Curiously, most businesses adopt GDPR to gain customer trust and meet their expectations. Corporate values and partner requirements are among the top three reasons for implementing new privacy policies. The astronomical fines stipulated by the GDPR are ranked the fourth on the list of reasons for adoption.
Surprising Results of the GDPR
Governments worldwide are picking up the banner and passing national data protection laws. China, Brazil, and California (USA) were among the first to drive changes in a post-GDPR world.
Many US-based websites restricted access for EU citizens to avoid troubles with GDPR compliance. However, this approach is not sustainable in the long run, so most businesses adopt it while rushing to meet the new requirements.
Email marketing suffered a critical hit as users started a massive unsubscription campaign to get rid of the unwanted newsletters. Some companies reported the loss of 80% of their mailing lists.
Businesses were flooded with user requests to be forgotten. According to the survey by The7Stars, a third of the UK citizens plan to exercise the right outlined by the GDPR, while 78% of British companies suffer unreasonable compliance expense.
The chance to opt out of third-party services, such as analytical and advertising tools, dramatically decreased website loading time and improved the user experience for the EU citizens.
First-hand data value increased compared to third-party information. Users expect personalized experience and offers in exchange for detailed personal information they provide to the businesses of their choice.
The UK Royal Mail lost 6% of the parcel volume and 7% in revenue, as businesses reduced the number of unsolicited addressed letters to avoid GDPR fines.
Post-GDPR Lawsuits and Fines
Besides its pro-user tone, GDPR is infamous because of its astronomical fines. They can reach up to 4% of the company's turnover or 20 million Euro. While some lawsuits have already been filed citing GDPR requirements, there is still no precedent for companies fined for non-compliance with the GDPR.
Unsurprisingly, the Internet giants, such as Google and Facebook, were the first to come under fire. Max Schrems, a privacy rights activist from Austria, filed several lawsuits against Facebook, Google, Instagram, and WhatsApp. The combined fines can reach $8.8 billion. The activist claims the companies coerce users into sharing personal information with an opt-in box that doesn't offer the particularized consent required under the GDPR. Both Google and Facebook refuted the accusations and defended their products, claiming a privacy-by-design approach and multiple changes made to meet the new regulation's requirements.
Meanwhile, Ticketmaster may become the first victim of the GDPR fines. The company did not report a continuous breach that leaked the personal data of over 40,000 international users from September 2017 to June 2018. Ticketmaster should have protected personal data better and reported the breach within 72 hours of discovering it. Now businesses worldwide are waiting for the ruling as it will set a precedent for GDPR adoption and implementation.
The world didn't end on May 25, 2018, but many businesses failed to use the time before the GDPR came into effect to become fully compliant. Despite unexpected adverse effects, most companies embrace the new requirements to gain the customer's trust and loyalty. How is your business handling the post-GDPR landscape?
Do you want to learn more about the requirements and fines? If so, let us know in the comment section. Please share this article on social media and don't forget to subscribe to the FreshCode blog to be the first to learn of the latest IT news and trends.