The European Union General Data Protection Regulation, known as GDPR to most, has made headlines for over a year. This set of privacy laws restricts how companies can collect and use data from users. These regulations work to help protect customer information and ensure privacy, but certain compliance measures have changed the ways businesses interact with customers and have brought operational and budgetary changes. Here are some of the ways that GDPR has had an impact on business.
How has GDPR affected businesses in the last 6 months?
Minor User Interaction Differences
On the consumer and user end, most have seen a popup when visiting webpages that notifies them that the site uses cookies and that, to continue using or browsing the site, they must opt in, saying they understand that cookies will collect some information about their visit. Most consumer activity has not decreased due to these changes, but this GDPR requirement has caused some businesses to have to rethink their UX strategy.
Fines and Fees
Another GDPR impact on businesses has been financial, as one major part of the privacy restrictions includes fines that can be assessed for businesses that are not in complete compliance. To encourage the careful handling of customer data and reduce dangerous data breaches, regulatory establishments can issue steep fines to businesses, which can be millions of euros. Some businesses worry that these expensive fees could damage their bottom line. Many businesses have already received warnings or fines for non-compliance with the GDPR data protection regulations.
Additional Organizational Leadership
One of the biggest changes that businesses have undergone is a change in their organizational structure. Since the passing of GDPR regulations, businesses have had to follow the mandate of bringing a GDPR protection officer on board. As noted in the GDPR articles outlining an organization’s responsibility under the new privacy laws, a GPO is responsible for all areas of compliance and training, including:
- Educating a company’s staff and employees on any compliance requirements
- Training staff involved in processing data
- Conducting audits to confirm compliance, as well as working to avoid and address any potential issues
- Serving as the point of contact between the business and any GDPR Supervisory Authorities
- Monitoring compliance performance and providing advice regarding the impact of data protection work
- Maintaining complete records of all data processing activities made by an organization, including the purpose of all processing activities, which need to be made public on request
- Communicating with anyone whose data is collected and informing them about how their data is being used, their rights to have their personal data erased, and what policies and procedures the company has put in place to protect their personal data
Hiring a trained and experienced GDPR protection officer requires a company commitment of time, manpower, money, and resources. The effort has been a struggle for some companies, not just to find the expert talent needed, but also to manage new budgeting concerns around salary. Some companies have outsourced their data and privacy compliance work to agencies or organizations that specialize in data processing.
Advertising-Specific Changes
Another GDPR impact on business has been in how businesses are able to advertise to customers. The regulations are very specific about how organizations can use consenting customers’ information to target them with advertisements. Some businesses are concerned that these narrow restrictions on who they are allowed to advertise to may limit their ability to reach customers and earn revenue.
Though it’s only been six months, some businesses have seen significant changes in their operations and even user engagement. These changes will require businesses to continue to adapt in order to ensure compliance while meeting their business responsibilities.