Insights & Analyses

It’s GDPR Day! Companies comply by blasting out emails, even blocking European users – One World Identity

May 25, 2018

Friday marked the start of the European Union’s General Data Protection Regulation enforcement, and companies responded in kind by inundating the inboxes of users around the world with updated privacy policies. But not everyone found themselves GDPR compliant as of the deadline, leading to some European users being blocked from reading various websites entirely.

Note: OWI’s latest research, “Trust, Safety & Compliance: A Survivor’s Guide to GDPR-mageddon,” is now available to download.

Unable to meet the GDPR deadline, major news publications such as The Los Angeles Times, The Chicago Tribune, The New York Daily News, The Orlando Sentinel and The Baltimore Sun were all blocked from European readers as of Friday.

“Unfortunately, our website is currently unavailable in most European countries,” a note to EU readers on the Chicago Tribune’s website reads. “We are engaged on the issue and committed to looking at options that support our full range of digital offerings to the EU market. We continue to identify technical compliance solutions that will provide all readers with our award-winning journalism.”

Not everyone was so slow to respond, however. Throughout the week, users found their inboxes flooded with alerts from companies, service providers and more, letting users know that their respective terms of service had changed to comply with GDPR.

Still others asked users to actively opt in and agree to continue receiving marketing email alerts and newsletters, again in an effort to be compliant with the new law.

Some of these alerts were more explicit, explaining that the changes were done to meet new regulations in Europe. Others, however, saw a public relations opportunity, presenting changes in policies and terms as a win for consumers, giving them more transparency on how their data is used and controlled.

And of course there were hiccups. One Twitter user claimed they received a GDPR compliance email, but with all recipients mistakenly CCed, exposing all of their email addresses and potentially violating GDPR requirements in the process.

The fact that people around the world were inundated with these notices despite GDPR being a strictly EU law shows the worldwide effect of the new regulations. And companies like Microsoft and Apple have extended GDPR benefits to all customers worldwide, making the impact truly global with new features like downloading and exporting data, or exercising a “right to be forgotten.”

A recent poll found that 10 percent of corporate execs said GDRP compliance would cost their company over $1 million. Given those expenses, it might be unsurprising that some websites just couldn’t make the May 25 deadline.

GDPR sets strict new standards for consent, transparency, and data processing for all companies handling the data of EU residents. In the U.S., the law has been met with resistance from companies, who have lobbied lawmakers in Washington to avoid taking a GDPR-like regulatory approach.

OWI Insight: “GDPR-mageddon” is here, complete with levels of chaos and confusion one might expect for new, wide reaching regulations with a global impact. Despite the initial consumer reaction, OWI sees an opportunity for companies to enhance their standing, particularly with respect to Trust & Safety, by leveraging GDPR compliance as a benefit for customers. But we’ve already gone into great detail on that in our latest research, so we will let webcomic xkcd have the last word on GDPR Day:

Comic by xkcd.