Two years of GDPR: What does the impact on businesses look like?

The General Data Protection Regulation (GDPR) came into force in May 2018. Nearly two years on, over 200 fines have been issued to companies in Europe totalling £13 million and more. We take a look at the impact GDPR has had on businesses and how you can ensure you are fully compliant.

The good

While hundreds of fines have been issued against companies across Europe, the majority were for minor infractions and fines were in the low thousands in terms of costs.

However, that doesn’t mean you can sit back and relax. The two largest fines to date were levied by the UK’s ICO, resulting in British Airways being fined £183 million following an investigation of a data breach in September 2018. Marriot International was also fined £99 million for similar issues.

The good news is that GDPR has resulted in more and more B2B businesses adopting an inbound marketing approach. This means we’re seeing more meaningful content and relevant information being published that appeals directly to customers. By focusing on customers’ needs rather than heavy sales tactics, many businesses are seeing positive results with the customer coming to them first!

Databases are leaner and email marketing is more targeted because a list of customers who have opted into receiving content are more engaged, resulting in a higher click-through, open and engagement rates, particularly in email campaigns. In fact, Marketing Week reported marketers have seen a 74% increase in email open rates and a 75% increase in click-through rates.

GDPR rules have also engendered trust. Being forced to be more transparent about how you use your customer’s data has resulted in greater trust and better opportunities to build strong business and customer relationships, and ultimately improve profits.

The bad

The new legalities, however, haven’t come without its challenges. Many businesses have had to overhaul their marketing practices, particularly when it comes to consent.

GDPR forced many companies to take a close look at their systems and procedures. From websites, forms, email marketing, newsletters, CRM systems and more. Almost every tool used to engage with customers has required a deep level of investigation and in many cases, a much-needed renovation.

This work has come at a significant cost to businesses and will continue to be an ongoing financial and operational cost to ensure companies stay within compliance guidelines. It’s been estimated 74% of small to medium-sized businesses have so far spent more than £75,000, and larger businesses spent more than £1 million to make amends and put in place correct practices. This estimation doesn’t even take into account the cost of employees’ time to research, plan and implement processes.

The ugly

The ICO is taking heavy action. The most recent fine of £275,000 was issued to London pharmacy Doorstep Dispensary Ltd after an inspection found it had stored documents containing personal data of UK citizens in unlocked crates in a rear courtyard.

In March 2020, the ICO also fined Hong Kong-based airline Cathay Pacific £500,000 (the maximum possible penalty) due to the breach taking place before the introduction of GDPR.

So now, perhaps more than ever it’s vital for organisations to get their GDPR ducks in a row before it is too late.

How can you make sure your business is compliant?

• Review your systems and procedures, and make sure you’re keeping valid reports on how you use data.
• Minimise the data you process. The more data you hold the higher the risk. Create a strategy for your business that requires teams to hold only the most vital of data.
• Be sure of your legal duties. If uncertain seek professional advice on processing, storing and use of personal data.
• Create a compliance privacy policy. Make it clear, concise and easy to understand.