GDPR: what have we learned so far and where is data protection law going?

GDPR: what have we learned so far and where is data protection law going?

There was justifiable apprehension as GDPR’s introduction approached, not to mention plenty of blind panic as the clock ticked down. However, two years down the line we now have plenty of research which tells a more positive story.

On 25 May 2020, the General Data Protection Regulation (GDPR) celebrated its second birthday. Since its introduction, GDPR has strengthened data protection laws and returned control of personal data to individuals across Europe.

GDPR’s introduction in May 2018 was necessary following years of high-profile data breaches and scandals involving the mismanagement of consumer data by businesses. The new regulation sought to harmonise data protection laws in the EU and be fit for purpose in the digital age.

The prospect of GDPR was initially a big concern for marketers. They feared the tighter regulations would impact their effectiveness. Email marketers were particularly concerned – many email programs rely on consent as their legal basis for processing personal data, and GDPR meant that obtaining consent was about to become a lot harder. Senders would need address factors such as positive opt-in; specificity/granularity; unbundling from other terms and conditions; and ensuring opting out was as easy as opting in. Senders would also need to refresh existing consents if they didn’t meet GDPR standards. For some senders, there was a real risk that lists built up over many years would be rendered obsolete overnight.

For senders who chose to rely on legitimate interest, the bar was about to be raised a lot higher too, with senders required to conduct a Legitimate Interest Assessment (LIA). This document would need to demonstrate that: a genuine legitimate interest can be identified; processing is necessary to achieve it; and doing so is balanced against the individuals’ interests, rights and freedoms.

So there was justifiable apprehension as GDPR’s introduction approached, not to mention plenty of blind panic as the clock ticked down. However, two years down the line we now have plenty of research which tells a more positive story. Many elements of the regulations were long-established best practices, and many marketers who were quick to embrace have seen significant benefits from doing so.

This article explores what we have learned since GDPR was established, how its introduction has influenced other countries and regions, and where data protection law is heading next.

Leave a Reply

Your email address will not be published. Required fields are marked *