GDPR - How are businesses coping?
Now that GDPR has been in force for a number of months, we thought it was time to take a look at how it’s affecting businesses. Are companies struggling to keep up? What impact have the regulations had on digital services? Are we likely to see organisations punished with large fines in the future? Here, we take a look at how businesses are coping with GDPR and what challenges they face.
Struggling to cope with data requests
With the introduction of GDPR, businesses have found themselves struggling to keep up with a large increase in data requests being filed. Businesses such as Facebook, Netflix, and Marriott are reportedly overwhelmed by the incredible number of requests they’re faced with, and the administrative burden is thought to be huge. This situation is exacerbated by the concerted efforts of online privacy activists, who are creating apps and websites that make it easier to file a request. The Cambridge Analytica scandal has also thrown a serious amount of fuel on the fire and encouraged greater quantities of people to challenge big businesses’ data collection practices.
Searching for that data
Businesses are also struggling to locate and identify all the personal data that they’ve retained over the years. Customers now communicate with businesses over numerous different platforms, in many different ways, with all the data collected stored in a largely unorganised manner. All parts of a business collect customer data, meaning that the information harvested is often siloed and stored throughout the organisation in different places and ways. Retrieving this data is proving extremely expensive, both financially, and in the amount of time being dedicated to data collation.
Frantic marketing messages
As you’ve probably noticed, marketing departments have been hit hard by GDPR and are frantically attempting to contact their customers in an effort to update their consent agreements. Email inboxes have been flooded with messages requesting users renew their consent to be contacted, and businesses are concerned that their marketing base could be drastically reduced by new GDPR regulations.
Slim pickings from some companies
Some businesses have decided to reduce their exposure to potential GDPR punishments altogether by temporarily suspending services or cutting back the products they offer. For instance, USA Today are offering European online readers a heavily edited, ad-free version of their content, while the LA Times and Chicago Tribune online experiences are now unavailable to European users.
This approach has been pursued predominately by organisations operating outside of the EU, who may not have been as prepared for the introduction of GDPR as their European counterparts. This ‘not worth the risk’ approach demonstrates just how seriously organisations are taking GDPR and its hefty financial penalties.
Loss of important records
A number of organisations were also forced to delete large swathes of important customer data before and after the GDPR deadline, in order to ensure that they didn’t fall foul of the regulations. The TV and movie review app, Stardust, deleted all EU-based users’ records, as did unroll.me – an email filter app. However, it is worth noting that the vast majority of organisations taking these drastic steps are smaller businesses that simply don’t have the resources to prepare for GDPR or who are unable to build new systems that comply with the regulations.
The GDPR awareness effect
The introduction of GDPR seems to have had an impact on public awareness of digital privacy issues. This in turn has affected those organisations that have developed a business model orientated towards personal data collection. With the implementation of GDPR, companies like Facebook have experienced drops in membership figures, as users become increasingly aware of potentially troubling privacy policies.
It’s difficult to determine whether lower membership figures are entirely due to GDPR (Facebook were still suffering from the fallout of the Cambridge Analytica scandal at the time of writing), but the policy does seem to be impacting on these types of business.
This is not legal advice; it is intended to provide information of general interest about current legal issues.