GDPR was created for companies and organizations to question their data collection and storage practices. Since the launch of GDPR in May 2018, we have seen the predicted outcomes as well as unexpected consequences, both positive and negative. The question remains – has GDPR revolutionized data protection? We investigate the impact below to understand its effects on organisations and users.
What is GDPR?
GDPR is an EU regulation that became enforceable in 2018. The legal framework was created to protect EU citizens, strengthening their rights and giving users more control over their online data. The creation of the act also means that the data protection laws in EU member states are now identical.
What does GDPR stand for?
GDPR stands for the General Data Protection Regulation. GDPR rules prevent organizations from acquiring information from users without their permission or consent. Now, users will have to proactively permit organisations to collect their data and to send them additional marketing information.
The aim is to encourage users and businesses in the EU to take full advantage of the digital economy. Personal data, consent, and privacy have been huge discussion topics in recent years, and GDPR gives EU citizens a choice of who is gathering, analyzing and using their data.
Positive outcomes of GDPR
More transparency, awareness and trust from users
EU citizens have never had this much control over their digital data. With GDPR, they have the right to know how their data is being used and they can control what data they give to organizations. Data must now be handled fairly between both parties, only being used in ways that users have permitted.
This has led to an increase in online users’ trust in the companies and websites they’re visiting or purchasing from. Since the launch of GDPR, organizations are seeing that consumers are responding more positively than before, and their engagement with the brand and website has increased.
In a recent study, Harvard Business School and Maritz Motivation Solutions, a leader in creating loyalty, employee engagement, and sales incentive programs, assessed the impact that digital ad transparency has on users. They found that when companies use clear language that explains their use of data to recommend products and services, user engagement and spend increase. In their two experiments, they found that transparent ad language led to:
- 30% increase in time on a particular product page
- 38% increase in spending on products recommended.
This shows that when consumers are aware of what’s happening with their data, their brand loyalty and trust increase, meaning more chance of conversion.
It also seems that since the new data protection laws, awareness has spiraled. The Information Commissioner’s Office has stated that data protection complaints to UK regulators have more than doubled since GDPR passed.
To simplify, customers are more aware of the laws surrounding their personal data. They feel more protected than before and are responding positively to companies who comply with the GDPR checklist. If people dislike the way their information is stored, purchase intent drops.
GDPR has contributed to making the world greener
One surprising side effect following GDPR is its environmental impact. Since May, the total number of marketing emails has decreased by 1.2 billion per day. As well as reducing the volume of emails in everyone’s inboxes, this has also lowered the amount of carbon dioxide that is released into the atmosphere:
- 2 billion fewer emails
- 360 tons less CO2 per day
- 3 g per email
- 404 passenger journeys between London and New York per day
This is tremendous and certainly an unexpected benefit from the data protection changes in 2018.
More protection in unexpected areas
GDPR hasn’t just been implemented to increase online data protection. It stretches much further, beyond the online world.
- CCTV and video security systems – there are GDPR considerations for storing faces without consent.
- Printers and scanners – history that may stay in systems is there without consent.
- Sat Navs – Tracking users is likely in breach.
“We do see many car makers already able to uniquely tailor cars via software loading for individual markets, but what happens if an EU citizen visits the US and rents a car and finds their unique info collected without their express consent?”
Richard Henderson, global security strategist at Absolute
Negative effects of GDPR
Due to GDPR, police no longer have access to the information needed to track down owners of internet resources, such as websites. This can elongate the process of getting rid of illegitimate websites, as well as create problems in tracking down more sinister site owners.
Another worry is cyber-extortion – that hackers will be able to extort money from companies in return for withholding information from the authorities. If companies aren’t complying with data protection rules, they are subject to a range of GDPR penalties – potentially a fine of 4% of their annual turnover. Giving cyber-criminals even a small portion of this to keep quiet will leave the company in a better financial position, which in turn encourages more cyber-extortion and blackmail.
No impact on device security
There are around 6 billion connected devices currently on the planet, and estimates say that this number will dramatically increase in the next decade. Concerns are that as the technology space advances, GDPR will simply not be adequate to protect users.
Device security is an aspect that GDPR doesn’t address. With no incentive for manufacturers to create more secure devices, why should they go the extra mile if there is no financial benefit or legal obligation?
The huge amount of data collected via connected devices can be compromised by hackers, and users may not be aware that they are not protected. While GDPR has advanced privacy and protection, it only scratches the surface of a much larger problem.
In conclusion, GDPR has proven to be a big step towards data protection. It has raised public awareness and users have responded positively to the change; however, it’s only just the tip of the iceberg.
Public penalties are beginning to emerge, with a Portuguese hospital having recently been fined £400,000 for two violations of GDPR. However, a study by TrustArc, a security and technology compliance company, found that companies still don’t seem to be taking things seriously:
- 5% of companies surveyed believe that they are GDPR compliant.
- 7% believe they will have converted fully by the end of 2018.
- 7% are taking a “wait and see approach.”
Does this mean that there is a false sense of security for consumers?
These statistics show that, in all likelihood, much of consumers’ data is still being collected and used in ways to which they haven’t agreed. Lengthy steps still need to be taken and, ultimately, GDPR has not been the final answer to online personal security.
Calculations derived from: https://www.theguardian.com/environment/green-living-blog/2010/oct/21/carbon-footprint-email, https://www.bleepingcomputer.com/news/technology/number-of-third-party-cookies-on-eu-news-sites-dropped-by-22-percent-post-gdpr/, https://medium.com/@maildesigner365/how-gdpr-opt-in-campaigns-could-reduce-email-volume-by-up-to-50-1a705d1d29cd