The Big Story of GDPR One Year Later.

Hello Alexa! What’s the state of GDPR Adoption on its one year anniversary?

• GDPR flooded your Mailbox
• GDPR is not the Death of eCommerce
• GDPR is not the Death of Email
• GDPR is not applicable to Death persons.
• GDPR has been a high priority for big companies
• GDPR has been less a focus for the smaller SME
• GDPR helped Data Protection to take centre stage
• GDPR seems to have helped Google & Facebook
• GDPR Has Chilling Effect On EU Tech Funding
• GDPR and PSD2 should not be considered in silos
• GDPR is bringing Smart City data protection flaws into the spotlight
• GDPR adds a dilemma to Real-time bidding, a thriving ad targeting technique.
• GDPR was a ‘fantastic start on really treating privacy as a human right’, said Microsoft CEO Satya Nadella
• GDPR Complaint Calls Out IAB Europe For Illegal Cookie Wall
• GDPR, mobile notifications are up, location sharing is down.

GDPR: One Year Down- Forever to Go! So the timing is perfect to bring together

• key industry data points everybody should know 📌
• how our solutions are doing year-to-date 🚀
• what we have up our sleeve at Privacy Radius 📈

and anecdotes so you can decide for yourself if Privacy made a step forward!

📌 Effectiveness and Interest over time

Overall, May 2018 to May 2019 has mostly been a year of learning and continuing to ramp the road to compliance for a lot of brands and (SaaS) companies, but it seems the tide of GDPR fever has ebbed, but not completely receded.

GDPR Interest over time

☠️ Many of the GDPR programs in Europe were driven out of fear of the new powers of Data Protection Authorities, which could result in fines up to 4% of annual global turnover. Since the implementation, €56 million in GDPR fines have been imposed across 11 European countries.

🤼 Additionally, the GDPR and the media coverage it received, resulted in people exercising their rights to privacy as we’d never seen before. More than 89,000 data breach notifications and 144,000 complaints have been filed with European Privacy Authorities thus far. And all these efforts have started to bear fruit. Companies like Facebook and the advertising industry as a whole are openly discussing their business models in an effort to reduce the amount of data required and to be less intrusive on people’s personal lives.

📌 Overall data & insights you should know about

• 67% of Europeans have heard of GDPR (Eurobarometer March 2019)
• 89.000 reported data breaches (EDPB, May 2019), 63% have been closed, 37% are ongoing
• 144.000 individual complaints including access requests, right to erasure, unwanted marketing, employee privacy, …
• 375.000 organisations registered a DPO (48% Germany, 13% France, 9% UK, … source iapp.org)
• 91 fines in the first 8 months of GDPR
• 400.000 EUR first GDPR Fine (for Hospital do Barreiro in Portugal) for allowing access to clinical files
• 50 Mio EUR largest fine imposed to date — The CNIL’s imposes a penalty of 50 Million Euros Against GOOGLE LLC, Jan. 21, 2019.
• Regulators in 11 European countries have imposed $63 million in General Data Protection Regulation fines. (European Data Protection Board)
• +1000 UK SMEs seem to have a positive understanding of the new regulation (72%), main actions taken included policies (45%) or reviewing consent (35%), seem to only touch the surface and take a possible cosmetic approach instead of full compliance.
• 4 million customers of Microsoft have used their Privacy Dashboard to update and manage their data.
• Whatever happens in the next 12 months, nothing can be as deeply ironic as the scenario wherein 25 out of 28 official EU websites were found to be infected with advertising scripts to track visitors without their knowledge or consent.
• Lots of requests for consent on websites don’t appear compliant. Many publishers still work on an opt-out basis, rather than default opt-in.
• If you’re not 100% GDPR compliant yet, you’re not alone in getting fully onto the GDPR bandwagon. As of December 2018, 71% of companies were not fully compliant (Source: IT Governance).
• Venture capital investment in startups in Europe post-GDPR is down by over $3 million, according to a National Bureau of Economic Research study.
• How Data Protection Laws Cost Europe 40,000 Tech Jobs
• Real-time bidding is the subject of four alleged violations of the European Union’s General Data Protection Regulation (GDPR) filed with regulators in Belgium, Luxembourg, the Netherlands, and Spain. Real-time bidding (RTB) is a targeted advertising technique that occurs when a user visits a website, and their personal information is broadcast to hundreds of marketers who bid in a near-instant auction to get their ad in front of that specific website visitor. U.S. advertisers spent an estimated $23.5 billion on the tactic last year
• Airship examined mobile app permissions data from more than 700 million users worldwide. Mobile notifications are up, location sharing is down, Users consciously selective about sharing the location. (Source: Martech Today)

✔️ The first year of GDPR started slow, but companies and regulators alike are picking up speed. Individuals are getting more and more aware of privacy, but there’s still room for more education, empowering of privacy rights and consumer solutions. And I’m also wondering to what level the average SME is busy with privacy, data protection, … or turning all this into a positive customer experience.

🚀 We are pushing privacy forward

🔥 GDPR Checklist — Launched Feb 2018

• #1 GDPR checklist worldwide — non-profit
• +500.000 people helped YTD
• +2000 people per month in May 2019
• +520 Github stars, open source
• Press mentions in FastCompany, Washington Post, Forbes, Business Insider, TNW, Inc.Com, … and hundreds of blogs.

GDPRCHECKLIST — Users statistics

The audience curve of GDPRChecklist follows a similar curve as the “GDPR Trend Graph” higher up, but still resulting in +2000 people using GDPRChecklist on a monthly basis to navigate their compliance. The current version is in English but we would like to offer it in various languages, … so feel free to join us on Github if you want to offer translation or help us maintain.

GDPR Checklist 2.0: We’re launching an updated version of the GDPR Checklist with extra translations and a dedicated section for data subjects to make privacy accessible for everyone. Subscribe for the launch.

🔥 GDPR Form — Launched Mar 2018

🆗 Organizations should already have most of the basic structures for compliance with GDPR in place — the ability to respond to data subject access requests, the extensive mapping and tracking of data that is processed, etcetera. GDPRForm helps companies to manage data requests for GDPR.

• +600 customers
• #3 on Product Hunt category Privacy solutions
• Easy-to-use Data Subject Access Request, multi-language
• Mentioned as “ Google Forms for GDPR ”
• Customers including saas, sme, non-profits, start-ups, …
• GDPR Data Request Interest overtime, we notice a peak during GDPR launch, consistent activity except drop during NY/XMAS

GDPRFORM — Data Subject Access Request solution

We’ve recently installed a customer advisory board to discuss the evolution and further expansion to a privacy management platform with API-integrations with platforms like MailChimp or Shopify, or data search and discovery possibilities, …

🔥 GDPR Tracker — Launched June 2018

• Tracks compliance, DPA, Certifications, Privacy Policy, Bug Bounty , DSAR, Status Uptime
• +200 saas subprocessors added
• +75.000 pageviews
• +100 Github stars, open source
• Daily +70 searches, 30% of companies not tracked
• Popular GDPR compliance searches Intercom, Asana, Slack, Mongo, MailChimp, Heroku, Zendesk, Stripe, Teamleader, Usersnap, Wix, Booking.com, Auth0, Adyen, Etihad, Emaar, Market, Mixpanel, WP Engine, Hellosign, …

GDPRTracker Compliance

GDPR compliance interest over time, follows a similar trend as overall — but we notice the relevancy will increase more and more because the average company with 200 to 500 employees uses about 123 Software-as-a-Service (SaaS) applications these days (Source MartechToday Feb 2019), tracking compliance of cloud services for risk management purposes becomes key for companies and their data management strategy. We’re also discussing with several corporate compliance officers on how to further expand the product, embed it in risk management automation.

In the upcoming we will be extending the GDPR Tracker and rebranding to’ Compliance Tracker’.

Our roadmap

📱YourPrivacy App

A privacy-App to manage your data rights, send requests, learn best practices, earn rewards to protect your privacy, and get notified of data breaches. Subscribe for the launch.

Our upcoming YourPrivacy app

🇪🇺 Data Request Templates

Data Subject Access Request Templates to help you exercise your data rights, send requests to companies. Subscribe for the launch.

A preview of the your data request project

🚨Data Breach.es

An open-source format and database for data breach notifications. Can’t wait? Follow the latest breaches through our Twitter account or subscribe for our upcoming launch.

📈 Wrap up, what’s next and join us!

✔️ The world did not collapse and I did not see a disaster for digital marketing but if you (saas or sme) have not yet started offering easy electronic ways for data subject access, mapping and tracking of data that is processed, policy for data breaches, … then time to sit back and relax over GDPR is definitely over ⌛

✔️ The increased awareness around privacy also means that people are probably becoming more cautious providing organizations their personal data, want to take more control of, get notified of databreaches and monitor compliance for the services they use.

✔️ Maintaining momentum and continually adapting GDPR resourcing, new business practices, and supporting technology will be key in the long-term and we expect to further contribute to that momentum. What do we have in the pipeline?

🔥 A year full motion and emotion, if you’re interested in joining forces, help creating (open-source) easy privacy data rights management solutions for SaaS and SME companies, reach out NOW — if you want to get involved

• Content Marketing / blogger with legal or privacy background
• Webmaster — maintain & promote open-source GDPRTracker
• Growth Intern — get more people privacy aware, attract audience
• Legal Intern — with intrest in data privacy, legal tech, GDPR, …
• Development Intern / help maintain our (open source) products

Don’t hesitate, we’ve got work to do 😄💪

Photographer: Andrej Lišakov | Source: Unsplash