Just over a month has passed since GDPR come into force and it’s all gone a bit quiet. The incessant emails asking us to “keep in touch” have abated, the endless LinkedIn updates from GDPR experts and/or comedians (pretty much indistinguishable?) have dropped off and the even the BBC seem to have lost interest. So was it just a damp squib? Another Y2K something in nothing?
Speaking to some of our clients, they are reporting demands from end customers to know what data is held about them (also referred to as DSARs) have increased, but not to the point where they have become unmanageable. Where customers are using our SmartFlow software for a solution to DSARs, they are seeing a greater than 50% reduction in FTE required to service these requests anyway. So any increase in volume is easily absorbed.
Many direct marketing firms have certainly changed their approaches and found
new ways to try and reach out to new prospects but I still regularly get unsolicited B2B emails asking me to engage in a conversation. The only difference post GDPR is they contain a footer advising me I have the right to opt of my data being used by them for this purpose. A right that I have taken to exercising.
I know some large organisations are still completing huge GDPR programmes to ensure they were able to demonstrate compliance with the new regulations, some have signed up to breach services, ready to manage the PR situation if they are found to have transgressed. I wonder if anyone has yet started to question whether it is worth the effort or if they are continuing with the approach of seeing GDPR as a positive thing to help them get to better grips with their data anyway.
Most organisations big or small have data they don’t really know about, the “unknown unknowns”. This could be in massive data lakes where data from systems have been placed, or across file shares that have grown organically with the business or even on individuals’ hard drives or emails. Certainly you can use our SmartScan solution to identify all types of information across your unstructured data areas, including the personal information particularly called out in the GDPR regulations. Knowing more about the data you hold and being able to find it has got to be a good thing.
So six weeks post GDPR, I am asking is that it? Or will there be a trigger to enliven this piece of legislation again? Maybe the Information Commissioner’s Office (ICO) will impose a hefty fine on a company that suffers a data breach? Remember under GDPR this can be up to 4% of global turnover or 20 million euros, which would certainly grab the headlines once again and validate the GDPR effort of many organisations to date. Or will the end customers start to take more interest in the data organisations hold about them and drive a change from the bottom up.
I’ll be watching with interest, let me know what you think.