One year of GDPR – what does it mean for organizations


It’s been a year since Europe’s GDPR came into force now. Since most of the businesses now have consumer data at the heart of their operations the GDPR was a big shake-up for businesses who had relations with European consumers. GDPR brought about a new kind of awareness and education among consumers about the value and consequences of their personal data. The regulation which was launched with a lot of skepticism about its reach and effect has now brought about significant changes in organizations’ handling of data and has empowered users to retain their rights around personal data.

As it relies heavily on consumer data, GDPR also brought about some overhaul within the publishing industry. Organizations were required to reorganize their data and be compliant with the regulation, data officers were appointed and data strategies were aligned to the new regulation. One year has passed and the industry is getting used to the new environment and there is a consensus that the new regulation can be leveraged for creative utilization of data and better customer relationships built on trust and transparency. Organizations that regard the regulations more than just a legal issue and take it as an opportunity to recognize the value of people’s information they possess are now better positioned to take advantage of GDPR and stay aligned to it. They ought to give their data the due importance it deserves and manage and utilize it in creative and sensible manner, to enhance their product offerings and relationships with their consumers.

GDPR brought into global attention the importance of data privacy in 2018 but the issue of privacy has been debated for many years after great amount of consumer information started flowing into the web. Countries like Singapore (Personal Data Protection Act 2012), Turkey (Data Protection Law), and China (Cybersecurity Law of the People’s Republic of China), had their data privacy laws in effect even before the Europe’s GDPR. However, GDPR brought about new awareness on data regulations and various state laws to enact them, it has spawned several other data regulations around the world since then. The Dutch Data Protection Authority released its GDPR fining policy, being the first country to do so. France’s CNIL established a network of data protection officers to help provide advice for brands, the agency in January fined Google nearly $57 million for breach of European Union data law. California Consumer Privacy Act was made into law one month after the GDPR and many other US states are mulling their own versions of data protection laws.

For associations and societies the new regulations are inspiring them to radically rethink how they manage their information and how they use that information to engage with customers. Some associations might have limited exposure to GDPR because of their small European presence, however, considering the growing awareness regarding privacy and governments across the world acknowledging its significance, they can still take the opportunity and use the regulation as a general template for their data privacy efforts. Vendors provide most of the software to associations and societies, and in most cases it’s vendors who manage the data, while the onus of compliance is on the organization itself. Vendors should be responsible for structuring the data management so that it’s aligned to the regulation, the tools should be streamlined and minimum disruption in services should be ensured. New kind of data processing clauses should be introduced to the vendor-client agreement to ensure initiation and continuity of legally compliant services.

In this exciting era of awareness around data rights where regulations are coming up across the globe, it’s time for organizations to take the opportunity to initiate a new kind of relationships with customers. Along with business success they should also utilize the data on building relationships which are based on trust and transparency, they should improve communication with their users and protect their data. GDPR was an awakening for the world. While their is an enormous amount of data accumulating every day and so much of information about each individual, stringent data protection regulations will become the norm as data has become a valuable personal asset which is lent to use within legal boundaries.