The GDPR has been in force for several months. For some a bureaucratic monster, for others an unexpected stroke of luck. So it’s time to draw a first conclusion.
The effort for the companies was high, a lot of time had to be invested, data protection declarations had to be brought up to date, a data protection officer had to be appointed, declarations of consent for circulars by e‑mail had to be obtained, in short: the entire data traffic needed a complete revision in many points in order to comply with the new regulations. Failure to comply would still result in fines in the millions, which would mean the end for medium-sized and small companies. And, of course, the deadline for the changeover seemed as sudden as Christmas. After all, the topic had been known for more than two years, but very few people took care of it.
Critics complain that the new regulations regarding data protection were not so new, but as always, the devil was in the detail. In the process, recipients of e‑mails, for example, can enjoy a clean-up of the sometimes annoying mail floods. And companies have often recognized and used the opportunity to thoroughly sift through and clean up their data silos. The feared wave of warnings has also not yet occurred.
If now the second step is taken, to feed existing data into a new utilization, e.g. for the exchange, sale or purchase of data, the initial monster could still transform into a data-driven blessing.