GDPR Compliance

“Thinking With Foresight” now that the GDPR compliance deadline has passed we’ve done some investigation of the projected future impact of the initiative. We found one alternative view to be quite intriguing.

https://www.mycustomer.com/marketing/data/opinion-why-gdpr-will-fail

The article cited above and past experiences of large scale innovations leads us to believe that GDPR will be circumvented by the big companies it was intended to restrain. With lots of money mass advertisers can use it’s loopholes to fund their way around it; leaving smaller organizations with limited budgets like associations with the costs of maintaining compliance.

We don’t entirely agree that GDPR will fail, but it appears that at least 80% of organizations will still be non-compliant going into 2019. 

A perfect case study for this change would be EMV implementation in the US (the chipped cards), the liability shift occurred for merchants in October 2015. “During the first year of widespread EMV roll out, just over 700,000 merchants were equipped and capable of accepting EMV chip enabled cards. Less than two years later, 2.3 million merchants are now EMV compliant, a 473% increase.” Don’t let that 473% increase full you. Finally, three years later – brick and mortar retail locations are around 85-90% compliant.

The only reason the compliance occurred within 3 years is due to the liability shift on charge backs, where merchants were subject to a full charge back with no dispute capabilities of the sale occurred via a non-EMV compliant terminal or via swipe.

Unless the EU comes down hard on everyone, which they simply can’t, and won’t – unless a user files a claim. We only see three possible outcomes for GDPR:

1. It’s enforced only against major corporations or bad actors when they are caught in an extreme case of violations, but otherwise widely overlooked. 
2. It manages to change the thought process around data governance and best practices. Ultimately though, new methods that allow for skirting and circumventing requirements are found/created. 
3. The EU takes steps to revise certain language in the regulation or creates exceptions.

Again, “Thinking With Foresight,” we suspect that number two will be the winner with number one being a close second. We are already aware of a few reports of organizations culling all European addresses from their lists. Meanwhile, you may need to think about how you will remedy incorrect permission responses you receive from folks wanting either “on” or “off” your lists.