Still Not GDPR-compliant? You’re Not The Only One (But That’s No Excuse)

With all that was written about the European Union’s General Data Protection Regulation (GDPR) in the 6-12 months leading up to its enforcement on the May 25 this year, you would think that online advertising and marketing companies would be fully compliant from day one.

However, results from a survey conducted by Clearcode — an AdTech and MarTech development company — proved that this wasn’t the case at all.

The survey released a week before the GDPR came into force showed that over half of the respondents, which comprised of AdTech vendors, MarTech vendors, agencies, and publishers, were not ready for new law. The first week of the regulation being in force brought us a flood of opt-in emails and a few lawsuits. How do we adopt to the new reality?

Only 48% of companies stated full GDPR compliance

According to the GDPR survey a majority of companies were not ready for the GDPR but were aware of the legal and technological changes they will have to make.

The survey showed that 23% of respondents claimed that they were going to be ready in time, but that still leaves us with a huge part of the industry that was openly unprepared for the new legal reality. Could this mean some players will exit the game?

Some companies have received declarations from their business partners stating they will not cooperate with companies that are not GDPR compliant.

66% of respondents said they are planning on only working with GDPR-compliant partners themselves.

36% of companies declared that they are in the process of becoming GDPR compliant but admitted they will not make the deadline before May 25. 6% are openly taking a wait-and-see strategy, but that attitude may turn out to be a short-term one.

Taking a wait-and-see approach may seem like an acceptable strategy for companies whose income from the European marketing is marginal. In fact, some non-European companies have even started to block visitors with European IPs in order to avoid all the legal obligations resulting from the GDPR. I don’t want to judge the effectiveness, compliance or fairness of such actions, but I feel like here, in Europe, we should play an active role in adopting our own new law. I’ve seen European companies vigorously preparing for the GDPR, with full dedication to data subject rights, user privacy and data security. I hope Europe will be full of good examples sooner rather than later” – says Maciej Zawadziński, chief executive officer of Clearcode and GDPR-compliant marketing platform Piwik PRO.

Facebook and Google slapped with $8.8 billion in lawsuits

The privacy policies of two biggest data owners in the world were questioned a long time before the enforcement of GDPR, but both giants claimed they will be operating in accordance with the European law.

Testifying before Congress, Mark Zuckerberg even claimed that the changes introduced under the GDPR will apply to all Facebook users around the world. Google even created last-minute policy update that was supposed to make its advertising network GDPR-compliant, but was widely criticized by Google’s partners as unfair and harmful for publishers.

Day one of the GDPR started with lawsuits being filed against both Google and Facebook. The reason? Forcing users to consent to sharing their data with third parties (ad buyers). Noyb — the consumer rights organization spearheaded by privacy advocate Max Schrems — filed the lawsuits pointing out that according to  Article 7 of the GDPR, user consent must be clear, freely given and cannot be a condition of using a website or service.

Consent is only the beginning

Collecting user consent correctly seems like a good starting point for those who are not yet GDPR compliant at all. There are several tools and widgets that make the process of collecting consent easy, but simply turning them on does not make a company completely lawful. To fully comply with the GDPR and respect data subject rights, every company has to implement a number of policies, precautions and technological and organizational measures that will protect both its own and its clients’ data.

This may seem like a long journey, but to avoid fines (and those may reach up to €20 million or 4% of your annual turnover) going the extra mile may really pay off.

 

Justyna Dzikowska: Tech enthusiast, experienced digital marketing professional and privacy evangelist. PR Manager at Clearcode and Piwik PRO. Graduated from Journalism and Social Communication.