It’s been a year since GDPR came into force. Over those 365 days across the EU we’ve seen:

• 90,000 consumer complaints
• 60,000 data breach notifications
• 250 cross border cases being investigated
• €56m in fines being issued by European data watchdogs – although €50m comes from CNIL’s (France’s equivalent of the ICO) fine of Google for its lack of transparency

But it hasn’t just been a year of penalties. There has been a significant upside to GDPR too. Research from Marketing Week, for example, shows that there has been a significant change in consumers’ comprehension of the rights they have with 48 per cent saying they have a clear understanding about how their personal information can be used by companies. In fact the majority of consumers (93 per cent) have heard of GDPR, with 39 per cent saying they know a ‘fair amount’ or a ‘great deal’ about the new data law. Forty-one per cent of respondents believe companies give them more control over their data than they used to, which rises to 49% among 25- to 34-year-olds. Another study, this one by Wilmington Millennium shows that consumers also believe that GDPR has also positively impacted marketing communications. Close to half (48 per cent) of people in the UK think that the marketing they’ve receive following the introduction of the new legislation is more relevant.

However, now that we’ve passed the one year anniversary, work cannot just come to a halt. If anything this is where the harder work begins – maintaining compliance. This is particularly important since EU watchdogs have publicly stated that as they have become sufficiently staffed to cope with the number of complaints received they will become more active in performing proactive audits to determine how complaint most organisations are. When it comes to outsourcing we’ve notice a trend in clients choosing to use data providers that hold additional certifications which have been independently assessed, such as ISO27001. These provide the assurance that data will be handled correctly, and in line with the regulations.

For organisations operating outside of the EU, what is also interesting is the interest from the rest of the World in GDPR. Whilst a long way off, a single privacy framework is no longer the stuff of science fiction. GDPR is being scrutinised as a strong template. Last year, there was an international conference of data protection authorities wherein more countries indicated their intention to introduce GDPR-like laws in their country. Already, Brazil, Japan and California in the US have passed new privacy laws based on GDPR and India has a draft privacy law that will soon come into force.

Whatever the next 365 days will bring, what is clear is that data management and customer privacy will continue to be key concerns for organisations and demonstrating compliance will be vital moving forwards as the ICO et al move into the next phase of ensuring adherence to the law.

If you want to know and understand more about the way data is changing the world you live in, or would like to know how data can add value to your business, please email me at


Dave Gurney

CEO, Alchemetrics - Expert in Data & Digital Marketing
enabling senior marketers to value from engaging customers online.