The GDPR is now a couple of days old (yes, I know, actually over two years, but seriously...). The buildup to May 25, 2018 has reminded me a bit of the Y2K Bug and sure enough, the internet did not blow up. Well, sort of. Germany for example, has a particular legal practice, called "Abmahnung" which pretty much allows lawyers who have sold their decency together with their grandma (I know, who would have thought, lawyers...) to make lot's of money off of businesses, organizations and even private people who have missed a tiny detail on their websites and are therefore not legally compliant literally 100%.
It seems that the first "Abmahnungen" have come in, but since the whole thing is new and the Germans are actually used to this nonsense, it doesn't seem to cause too much trouble, yet.
Of course, pretty much all small businesses whose major market is not the US have simply blocked Europeans from accessing their websites. They may or may not come back, we don't know. But I do understand the rational. Why bother, if it bears only risks but no benefits. I shouldn't write that out loud, but this might be a very elegant strategy implement protectionism. So, Donald, pay attention.
The more potent weapon of mass (business-)disruption of course is the harsh fines for companies when not complying. Two percent or up to 10 Million Euros, or if you're really nasty, four percent or up to 20 Million is something that even Goole may not be happy to stomach especially since the cap of 10/20 Millions don't apply to Marc's, Jeff's or Larry's toy-empires.
So making mistakes here can hurt badly. It's also a nice backdoor to collect money from organizations who hire the smartest people in the world to
fly to the moon/cure cancer/find the meaning of life develop inscrutable tax-evasion models.
The answer is: surprisingly not. In many ways what I have noticed, is that the GDPR forced a lot of websites to get rid of their most annoying
harassing advertisement practices, I notice fewer tracking scripts and companies actually not asking your shoe-size and nose-length when you want to order two screws and a hammer.
Of course, many small to mid-size businesses are now scrambling to get themselves compliant and seem to struggle in the attempt. And I am very sympathetic to them even though some argue they had two years of preparation time. That is true, but the regulators have not really made any effort to communicate the topic broadly until the press picked it up a couple of months ago. Neither are they providing any practical support for implementation.
The truth is (a bold statement these days...), we will only know in a few weeks to months, what the GDPR will do to business in Europe. It certainly will help individuals to gain back control over their data, and that's a very good thing in times where our information is more valuable than gold or printer ink.
Main image: Designed by Freepik