September 2, 2018 Ben Sapsford



GDPR (General Data Protection Regulation) – New EU data protection rules which aim to give citizens back control of their personal data and create a high, uniform level of data protection across the EU.

The 25th May 2018 was when GDPR came into effect, companies needed to comply or at least display they are putting steps towards complying (the guidelines set out by the ruling were open to interpretation) with GDPR. In terms of ensuring compliance, it is up to the company to arrange checks and follow checklists, report data breaches in a timely manner and keeping their customers informed as to any changes in their privacy policy and terms & conditions. For those companies failing (we can assume this would have to be a large scale failure) there are two tiers of fines: up to £10m or 2% of annual global turnover (revenue) of the previous year, whichever is higher and up to £20m or 4% of annual global turnover, whichever is greater. Both Facebook and Google were hit with lawsuits on the 25th May totalling $8.8 billion accusing them of “coercing” users into accepting their data collection policies. A recent article in Forbes documented some passed data breaches and the potential fines if they had fallen under GDPR. The Facebook Cambridge Analyitca breach could have cost the company $1.4bn under GDPR a figure now dwarfed by the $130bn knocked off it’s value in July. This fall in value (the biggest one-day drop in stock market history) was, at least partially, attributed to negative growth in Europe due to a drop in 3m daily users as well as an increase in spending into data privacy and infrastructure as a direct result of the upcoming implementation of GDPR.

“The implementation of GDPR in Europe and continued scrutiny of privacy policies following the Cambridge Analytica scandal left investors feeling uncertain about Facebook,” says Aaron Goldman, CMO of 4C, a Facebook marketing partner.

For the smaller businesses compliance is quite achievable through changes to privacy and cookie policy. Though a large number of websites have edited messaging in their cookie notification pop up (you may have noticed you’re having to accept this again on a number of websites you visit regularly). I have noticed very few that give an option to opted out or refuse, if they do have one it’s buried or unclear, for example making it much easier to opt in than to opt out (one of the rules laid out by GDPR is that users must now have the option to both opt in and out of third party tracking – pre-ticked opt ins are also out – though these have been frowned on for some time).

A study into consumers in the UK and Republic of Ireland and their response to GDPR and privacy in general has revealed that 75% of those surveyed said “they have either activated rights, plan to stop sharing as much information or are reviewing their rights because of it” and “a third will not settle for anything – if they discover an organisation has misused their data, they will withdraw permission to use it entirely”. Large companies traditionally face regular attacks on their websites and databases but recent large-scale leaks of personal customer data such as the T-Mobile hack that resulted in the lose credit card and person details of 15m customers (on a side note I find it somewhat foolish of T-Mobile to push their Un-carrier marketing campaign message in the first paragraph of an apology to their customers for leaking their data) have done nothing to bolster customer confidence in corporate ability to protect personal information.

The hope is that GDPR leads to better use and protection of personal data, with companies paying more attention to security and data management. It remains to be seen if this will be the case but at least being aware of the general information and codes of conduct is a good start for any small organization. As with any change to company policy, keeping the customer informed and communicating regularly is essential to maintaining (and for some restoring) confidence in a company’s ability to ensure privacy.

Ben Sapsford

Ben Sapsford is Southpac's Marketing Coordinator. Ben is responsible for marketing and promoting Southpac to partners and prospective clients globally.
Get In Touch Today

Please fill the contact form below and one of our team will contact you shortly.

Contact Us