GDPR: One Year Later

May 22nd, 2019 | By Christina Baker

Last year around this time everyone was talking about the General Data Privacy Regulation. With the May 25th compliance date looming, companies faced many unresolved questions: Who would be subject to the regulation? What data would be protected? How would companies protect that data? And what if they didn’t?

We answered a lot of those questions with our webinar, which offered a comprehensive break down of the legal implications of GDPR as well as an overview of the tools to help you manage your data. The webinar was hugely popular with listeners, who appreciated the easily digestible format on a regulation which is far-reaching and carries with it enormous fines for non-compliance.

Now it’s one year later and what happened? Did the sky fall? It depends on who you ask.

Most of GDPR revolves around a company’s obligation to obtain informed consent of the person providing his or her data, so it’s no surprise that soon after May 25, 2018, people who felt aggrieved by misuse of their personal information filed complaints through the European agencies set up to enforce GDPR. For companies like Facebook and Google, the sky certainly did fall as those were among the first companies fined by European authorities. Other companies facing complaints in the last year include YouTube, Netflix, Spotify, Apple, and Amazon.   In the case of Google, GDPR has hit the hardest when a French authority fined the tech giant $57 million dollars for not properly disclosing to users how data is collected across its services. But for the average company, it seems not much has changed. Outside of the EU, there were only a handful of consent complaints lodged and no judgments. It seems David only wanted Goliath.

One year ago, there were lots of writings about what GDPR meant for organizations and data privacy as a whole. Most of it was negative: predictions of crippling increased costs and time-intensive labor; fear of frivolous lawsuits certain to drain corporate coffers and place undue stress on staff from CSOs to IT admins with just months on the job. The idea of combing through decades of old data seemed daunting and near impossible with all that is expected from an already taxed IT staff.

GDPR was looked at very negatively when really, we were all presented with an opportunity. GDPR gave us a chance to clean house. It gave us an excuse to update. It forced us to think of clever and economical ways to manage data that, let’s be honest, we may not have prioritized before. It continued the process of bringing IT into the C-suite and leveraging technology in new and more impactful ways.  GDPR allowed companies to explore the concept of customer-led IT in a way that is truly meaningful to customers; by protecting them.

It wasn’t always easy, and compliance never ends, but a year later and the sky hasn’t fallen. We’ve all risen up.


Christina Baker is the Marketing Coordinator at Elysian Technology. Christina has worked in digital marketing and corporate event management for over ten years. When she’s not behind the computer or at an event, she enjoys running, baking, and boating with her family.

Have a question about GDPR or interested in learning more about how to protect your company’s data? Let’s talk about it.