What has changed since GDPR was implemented in May, this time last year?


It has been a year since the GDPR came into force, May 25 2018. However, it has been reported that errors are still being made. Further to this there are still three countries (Greece, Slovenia, and Portugal) are yet to even implement it. On May 22, the European Commission revealed that since 2018, nearly 90,000 complaints have been made to the data protection authorities about the GDPR, and companies self-reported 1,700 data breaches in June last year alone.

Have there been any fines?

Several charities including Macmillan Cancer Support, Cancer Research UK and The Royal British Legion have been fined various amounts. This was due to failing to adequately state that personal data may be processed for wealth analysis in their privacy notices. Uber was fined £385,000 for insufficient security arrangements. These resulted in cyber criminals downloading a large amount of personal data about customers and drivers.

Are fines being paid?

Early figures for the GDPR show that the policy has been a success as a breach notification law; but it has largely failed when it comes to imposing fines. In the first nine months, the total penalties imposed add up to 55,955,871 euros. However, a single 50 million euro fine was levied against Google, which is nearly 90 per cent of this sum. This potentially means that the vast majority of companies are still not being fined for breaking the rules.

How has the GDPR affected website design and eCommerce in the last year?

In the first six months of the GDPR, Reuters reported that the UK experienced the highest significant decline in the number of cookies used in web applications and eCommerce apps. The suggested reason for the decline was the redesign of websites to ensure compliance with the GDPR.

Notable changes include:

  • Web applications no longer readily subject a website user to data collection, storage, and processing from third-party companies.
  • The removal of old designs and code to conform to new, improved standards.
  • Some web applications completely got rid of third party data mining software; this was so that they could avoid legal issues associated with the GDPR.
How has the GDPR affected marketing?

You might remember receiving lots of emails around this time last year from companies asking you stay subscribed to their databases so they could still send you marketing messages, but have you stopped receiving them?

Key changes to digital marketing include:

  • Mail Chimp enforcing double-opt in for email marketing
  • Sign up for marketing/newsletter boxes. These must not be auto-ticked on websites

Overall, it’s fair to say that the first year of the GDPR has been a success, but moving forward, the EU needs to correct some of its problems, including imposing fines on companies who have breached the policy. For more information on how you can make your website and marketing GDPR compliant, contact us today.

CDA Contact Us Graphic