It has been nearly four years since the GDPR was passed, and no marketer has been left unscathed by the endless parade of data privacy quizzes and refreshers. But beyond that, the impact of GDPR has been hard to ignore.
Businesses are now held to higher standards, consumers are more aware of how their data is being used, and data breaches are now covered by mainstream media, which can cause great reputational damage to large enterprises found in breach.
Whilst a lot has changed over the last few years, data privacy laws have remained fairly consistent without any majorly disruptive updates since 2018. However, this is set to change in 2022 and 2023. Below are the top three predictions on how data privacy legislation will affect European marketers this year.
Since GDPR came into effect in July 2018 there have been over 928 fines for breaches of the legislation, totaling over €1,528,202,708. In December 2021 alone there were 40 fines issued to businesses for breaching the regulations, bringing the total number of fines to 426 for the entire year.
However, in 2022 we predict that there will be far more fines and penalties issued than in previous years. This is down to a number of key factors, the first being that there is even more public pressure on, and awareness of, how the gatekeepers are utilizing data.
In a landmark case earlier this year the Austrian Data Protection Authority ruled that websites using Google Analytics can be found in breach of GDPR due to the transfer of users’ personal data to US companies. This stems from a 2020 ruling that stated sending personal data to a company based in the US that cannot guarantee the data’s safety from US intelligence services is illegal.
This court ruling will make significant waves, not only in Europe but also in the United States. One of the key potential knock-on effects is that US cloud providers will need to set up ring-fenced European data centers that control access to personal data, something Google has already announced in Germany.
This will have a significant impact on European marketers, especially when it comes to first-party data, as they either have to ensure that their US providers are indeed not transferring their data, or identify partners that are compliant with the scope of GDPR.
In addition to this landmark ruling, we have already seen France dish out huge fines to Facebook and Google for breaching the French Data Protection Act. Over the course of 2022, expect to see even more cases like this hitting mainstream headlines.
Whilst fines and legal rulings dominate the headlines, the biggest impact on businesses may not be financial. Even in the past two years, the amount of data that companies are processing on a daily basis has grown exponentially, with that growth accelerating throughout the pandemic.
As the amount of data continues to grow the security risks grow as well and so it is essential that companies have the right security systems in place. Data governance is now critical for all marketers and implementation is an absolute priority.
For many companies the reputational risk and PR damage from a security breach now significantly outweigh the fines. Over the coming year, expect more public scrutiny of companies that are found in breach of regulations, as well as greater reputational damage.
Over the next 12-18 months there are set to be a number of changes in the regulatory framework that will directly or indirectly strengthen the application of the GDPR.
Firstly, the introduction of the Digital Markets Act will establish obligations for gatekeepers to comply with in their daily operations. These include:
This will mean that there are significant changes that must be made by the gatekeepers, which may prove relatively difficult whilst still ensuring that they are in line with the GDPR.
On top of the Digital Markets Act, marketers also face the European Data Governance Act, which will include a number of measures introduced to increase trust in data sharing, give Europeans more control over the data they generate, and facilitate the reuse of certain data held by the public sector.
These latest regulations issued by the European Commission, as well as other countries now reviewing their own data protection laws, are expected to cause the biggest shake-up to data privacy legislation since the introduction of GDPR.
Watch this space!