18 Things, #3: GDPR will come in to effect with much confusion, shortly followed by a fine over €50 million for a data breach
Over the past year it’s been clear that marketers are struggling to grasp the EU’s General Data Protection Regulation, but they’re not the ones who should worry about getting fines.
GDPR kicks in on May 25, yet every time I’ve been in Europe this year it seems like the confusion around GDPR for marketers is only growing. Given the state of most CRM data I’ve ever come across, it’s unlikely many will be operating fully within the law come GDPR-Day.
But it’s not marketers that should be worried about getting fined. GDPR revolves around four key areas: consent (telling customers how and why you’re collecting data, and giving them the ability to see it), security (storing data in the right way), right to be forgotten (allowing customers to delete their data), and portability (allowing customers to take their data to another company).
Marketers will fail initially on the consent piece. But the first big (>€50 million) fine in 2018 will likely be for a data breach which includes personal information of millions of EU citizens. We’ve seen over, and over, and over again this year how likely data breaches are, and how they affect hundreds of millions of people. Companies don’t seem to be learning, so expect regulators to pull out a big stick to help them.
Confidence level: 70%
18 Things is a slightly different take on the usual “Annual Predictions” posts. For the next 18 days I’ll post one thing per day I believe might happen in 2018, with a brief overview of why. Each will also have a confidence level (an idea nicked from Scott Alexander), so I can come back at the end of the year and see how I went.
I’ve mostly stuck to my circle of competence, but please don’t read in to anything too much, and definitely don’t go betting your house on any of these. You can read previous posts here, or if you’re impatient, I’ll be posting these in 3 parts over at Blonde3.com.