GDPR: 5 years of Compliance and Impact

By Marko Batarilo, Senior Development Lead

The General Data Protection Regulation (GDPR) has had a significant impact on data protection regulations globally since its introduction in the EU five years ago. This subject continues to keep us on our toes and in this blog, I explore its effects and discuss the updates we have been navigating on behalf of our clients.

The right to be forgotten

One of the key objectives of GDPR is to give individuals more control over their personal data, including the right to be forgotten. This means that businesses must be able to demonstrate that they have a legitimate interest in processing personal data. As data privacy regulations continue to evolve, businesses must keep up with changes to ensure they comply with the latest rules to avoid fines, loss of customers, and reputational damage.

Falling foul of the regulations

Many countries around the world have used GDPR as a model to develop their own rules around personal data protection. Companies have had to review their business processes to ensure compliance with GDPR, including double opt-in rules and email marketing best practises. GDPR enforcement has been minimal to date, but the likes of Amazon, Meta, British Airways and Google have had significant fines and more widely, it’s expected that fines will reach record levels this year.

To date, we’ve mainly seen large corporates receiving fines, but there is a trend emerging where many smaller companies are unaware their websites are not GDPR compliant. Since the implementation of GDPR, website owners require explicit consent from users before recording their personal data.

Many websites are collecting user information through cookies before obtaining explicit consent. This typically happens when websites employ cookies to gather data as soon as a user lands on the site, rather than first presenting a clear, affirmative option for the user to grant permission for data collection. This is a critical oversight as it operates under the assumption that continued use of the website signifies consent, a notion that is no longer acceptable under GDPR. As such, this practice puts these businesses at risk of non-compliance and the associated penalties.

This regulatory landscape is here to stay

Privacy-driven spending on compliance with privacy laws has increased dramatically since the introduction of GDPR in May 2018. Companies have had to invest more in privacy technologies to gain the trust of their users and avoid fines. The use of business models that rely on sharing personal information is changing rapidly.

GDPR has therefore had a profound impact on the way companies operate, from how they collect and use personal data to the way they market their products and services. As privacy regulations continue to evolve globally, businesses must be able to adapt and demonstrate their compliance with the latest rules.

What’s been the impact on digital traffic?

Studies show that the introduction of GDPR has led to a 15% overall reduction in website visits for businesses across Europe and the United States, with direct website traffic and email marketing message visits decreasing by 4.5% and 7%, respectively. Email and display advertising traffic was also shown to have reduced by 35% and 29%, respectively.

These are significant figures and therefore a key challenge is to comply while minimising the impact on digital marketing results.

Staying on track

Cookie management tools and privacy-enhancing technologies will continue to play an important role in ensuring compliance with data protection regulations and building trust with users in the years to come. We offer expert assistance in implementing cookie management tools and optimising website traffic while minimising the negative impact on direct website traffic and email marketing.

If you would like to know more about GDPR and its impact on your website or digital marketing efforts, then get in touch here.