The GDPR’s One-Year Anniversary: What Are the Implications for the U.S.?

GDPR took full force in May 2018.

A year ago, GDPR was a big bad wolf trying to knock down digital doors, and it sent website owners into a scramble to comply without having their businesses blown away. Now, more than a full year later, those four little letters aren’t lingering on many lips, at least not with the same level of negativity with most business looking into gdpr compliance.

Here’s what’s happened since GDPR took effect and how it’s impacted the United States.

GDPR: What Did (and Didn’t) Happen

The General Data Protection Regulation (GDPR) was one of the top technology news buzzwords last year. Companies were worried about correcting their data collection methods to avoid the large fines looming over them for non-compliance.

For those businesses that took the message seriously and adopted better data management practices, it’s been smooth sailing. Not only has the GDPR brought to light a highly critical topic, but it’s also educated businesses and website owners on how they can improve their data handling and why they need to do so in the first place.

So far, there’s been a surprising lack of fines, especially as third-party data continues to be mishandled. Fines were believed to be fairly common, but so far there have only been a handful of them, most notably of Google for 50 million euros.

The Biggest Takeaways from a Year of GDPR

So far, GDPR has been mostly positive for companies.

For a brief few months last year, every tech-invested company had data safety on their minds, and that was a good thing. People who didn’t give much thought to it before were now heavily interested in finding ways to comply with new regulations, either out of fear or good business acumen.

The change has also made companies more mindful about how they use the data they collect. In a recent report from the Data and Marketing Association (DMA), more than half of marketers feel more positive about the effects of GDPR than they did a year ago.

In fact, they’ve even seen noticeable returns on their email marketing, in particular, earning more money per dollar spent on email, seeing higher open rates and click-through rates, and dropping unsubscribe rates by as much as 41 percent.

Next Up: The California Consumer Privacy Act

GDPR was initiated as part of the European Union’s data protection regime. The next component, the California Consumer Privacy Act (CCPA), is expected to go into effect in January 2020. This piece focuses more intensely on privacy regulations, including policies regarding cookies, email, tracking behaviors, and other activities.

This next layer is expected to ramp up stricter enforcement of GDPR, and with it will likely come a stronger round of penalties, fines, and other measures. Penalties associated with CCPA violations could reach as much as $7,500 per violation and up to $750 per record that’s compromised.

Stay in touch with the latest on GDPR, CCPA, and other technology news via our Technology articles page.


  • WCR:
  • Marketing Week — Data & Marketing Association survey:
Share This Post: