GDPR came into effect exactly one month ago today (at the time of writing). The build up to the date increased in intensity with a fervour I hadn’t seen since the countdown to the millennium and the collective fear of the Y2K bug. Of Course, unlike Y2K, GDPR and the potential prosecutions and fines are very real. From an organisational standpoint, we’ve worked tirelessly to make sure that, as an agency who handles every conceivable type of data (see our GDPR broadcast to learn some eye-opening facts about GDPR and video!) we are ready to protect our data subjects and data owners.
In this blog I’m more interested in understanding if GDPR has had much impact on me as a data subject. Am I Spam free? Has my inbox become a beacon of clarity? Is my data self now guarded by a digital iron fist? As far as I can tell, not so much.
The quiet before the storm
That’s how the saying goes, right? Of course, the run up to the implementation of GDPR was the complete opposite. Our inboxes were suffocated by a slew of spam at levels never before seen. Biblical style predictions of the end of entire industries abounded, companies were deleting entire databasesand confidence was rocked in how our data is managed with the Facebook and Cambridge Analytica scandal.
It seemed that GDPR was poised to herald a new dawn in consumer control of their data and a move towards a more open and understood internet where control of our most valuable commodity which effectively pays for all the services we love online (data) was back in our hands.
The Prosecution doesn’t rest
Some areas of GDPR didn’t provide huge clarity around exactly what would constitute a breach. Internally we saw a few comparisons with another piece of legislation which dominated the headlines back in 2010. The Bribery Act. It took six years before the Crown Prosecution Service got their first conviction under the bribery act but GDPR promised to be different as the potential for fines and the people who could seek recompense vastly outstripped the scope of the aforementioned legislation. Prior to GDPR and straight out of the pages of Chris Morris’s satirical notebook, it was the CPS themselves who fell foul of the old DPA legislation and receive a hefty fine for leaving sensitive videos on a reception desk, including data about vulnerable children.
We have also seen the prosecution of an individual under GDPR, not just an organisation, as a charity worker was personally prosecuted for his part in a data breach. Confidence in the Ad tech market also took a significant hit as spend in the EU plummeted as brands chose to err on the side of caution rather than be headline news themselves.
"Is my inbox an anomaly? Has a new day dawned on data? Have people been chomping at the bit to cry foul and prosecute transgressors? Has much really changed for the humble data subject?"
The more things change……
So, the stage is set. Prosecutions are happening swiftly, confidence in sectors affected by GDPR is diminishing and the pre-GDPR paranoia is proving to be very much grounded in reality. The reason I decided to write this blog is because while a bit of research brings all these points to bear, not much seems to have changed for me as a data subject. I am still served programmatic ads as I trawl the web, unsolicited texts are still popping up on my phone and my inbox, the place I hoped for sweeping change, is as dusty as ever.
I didn’t reply to a single email asking for my consent pre-GDPR. I sincerely apologise to readers who worked tirelessly to make their data compliant, but I was absent from work just before the legislation’s activation date and returned at the beginning of last week. I came back to over 4,000 emails in my inbox. Of those 4,000 just 238 were from actual people and were work related. The rest? Marcomms.
Is my inbox an anomaly? Has a new day dawned on data? Have people been chomping at the bit to cry foul and prosecute transgressors? Has much really changed for the humble data subject? These are not rhetorical questions. I would genuinely love to hear if anyone has seen a real, tangible and even life-changing difference to their data day (get it? Day-to-day?) I’ll get my coat.
By Callum Gill - Head of Insight and Innovation