How it Went
GDPR (General Data Protection Regulation) is something that has touched everybody in some way since its launch in May 2018.
Ironically, it led to an increase in unwanted emails as companies with your email address tried to woo you into staying on their mailing lists. As not many of these begging messages offered any incentive to take the action necessary to keep receiving communications, people’s natural inclination to do nothing instead of something will no doubt have slimmed down mailing lists across the world…which can’t be a bad thing. After all, what’s the point of sending out messages to people who aren’t interested anyway? With a response rate of 1% for email shots being seen as a success, that’s 99% of your recipients you spent money on for nothing. Surely a smaller, better cleansed mailing list of people who are actually bothered about what you are saying would get a better return on your spam email marketing campaign.
Criminals and spammers tend not to bother too much about rules, so the unwanted junk / attempts to get your personal data will just continue regardless.
What Are We Meant to Do?
With the Information Commissioner’s Office employing more enforcement staff and hinting that they would be making examples of companies breaching the new rules, whilst at the same time saying they would be taking a softly-softly approach and are only looking for companies to be “seen to be taking steps towards” compliance, businesses were conflicted before the deadline. Many of our clients seemed to decide they were OK, only to have a panic a couple of weeks before the deadline. We were swamped with enquiries about whether websites were “GDPR Compliant” or what we needed to do to avoid being prosecuted. Our answer was always the same: “GDPR isn’t about websites!” It’s about your company’s culture and attitude to people’s private data. Like tax returns, most people left thinking about GDPR to the last minute, assuming the experts would swoop in and sort it out in a couple of days, whereas companies which already had a good data culture would have found GDPR a very small, natural progression.
So, in practical terms, whilst your website needs to do certain things (consent buttons on forms, cookie warnings, etc.), that’s just a tiny part of what GDPR means to a company. We as designers and developers are the least qualified to tell you how you should be acting in regard to personal data…but we are the most qualified to sort your website out after you have decided. So we suggest getting a full audit by a specialist experienced in data protection. After that we have the knowledge to implement the recommendations they have made for your website.