It’s been nearly 5 months since the implementation of new data protection rules under GDPR and the dust seems to have settled. Whilst most organisations are settling back to what feels like business as usual it’s important that everyone keeps on top of data security in their company – GDPR compliance must be seen as an ongoing activity, not a once-off exercise in box ticking.
Unexpected GDPR related issues
As a result of GDPR’s implementation there have been some issues that may not have been expected in the wider world.
- You’ll probably have noticed that almost every time you visit a new website you’re immediately prompted to accept terms and conditions or get a message related to targeted advertising, privacy or cookie policies. This is a result of the GDPR requirement for notification about personal data being collected or passed to third-party (in this case advertising) companies. One of the problems with this approach is that people get checkbox fatigue and just blindly click Yes to get rid of these popups, thereby negating their purpose.
- Uber Entertainment were forced to close down their 2012 online multiplayer game Super Monday Night Combat as a result of GDPR. Their explanation was that the version of the back-end system (UberNet) that supported the game was not GDPR compliant and that the cost of changing the game’s code to support a newer version of the system was prohibitive. The servers supporting the game were shut down on the 24th of May prior to GDPR coming into force.
- Users have commented that they are receiving far fewer unsolicited emails, and those they are receiving are from the most indiscriminate spammers with little or no relevant content.
- Several US-based news websites such as the LA Times shut off access to EU-based users after the introduction of GDPR. If you try to access their website you’ll see the following message:
“Unfortunately, our website is currently unavailable in most European countries. We are engaged on the issue and committed to looking at options that support our full range of digital offerings to the EU market. We continue to identify technical compliance solutions that will provide all readers with our award-winning journalism.”
It seems that the parent company of the LA Times (and other news websites), Tribune Publishing, was either unable or unwilling to make the changes to its websites required for GDPR compliance and decided the easiest short to mid-term solution would be to make them unavailable to EU-based readers.
- WHOIS information. Previously if you wanted to know who owned a domain (such as ec2it.co.uk) you could just check the WHOIS information provided in the UK by Nominet. Now this no longer shows information about domain name owners. The overseer of all domain registration – ICANN – was unable to implement a GDPR compliant policy in time for the 25th of May, leading to the European sub-registries having to implement their own policies in a last-minute mad scramble to be compliant. These companies are still required to hold data on who owns domains, but can no longer publish it publicly. ICANN continues to battle the European court system rather than implement a properly GDPR-compliant policy.
GDPR - business as usual?
These are just a few of the effects caused by GDPR and how organisations and businesses have tried (or failed) to deal with implementing the required changes. Has GDPR caused a lot of changes in your company processes or is it still very much business as usual?