GDPR: it's been a year already!

GDPR: one year later, where do we stand?

The GDPR took effect just one year ago, remember?


Data: 21st century gold

We live in a digital era, where everything is just a click away and where users regularly rely on websites to form an opinion, read a review or buy something. The data users give to companies has become a vital resource that must be handled with care, respect and transparency. The GDPR supports this idea, dictating which rules must be complied with and listing the applicable sanctions. These sanctions include exorbitant fines: bear in mind that Google was hit with a 57-million USD fine earlier this year.

Obviously, the sanctions are flexible, and they depend on the company’s size and notoriety as well as the seriousness of the violation. While a lot of attention was focused on which actions large companies took in response to the GDPR this past year, the situation varies depending on the country. In Germany and France, companies tend to be very rigorous when it comes to managing and applying the GDPR. But there are cultural differences of course: the German severity and the rigor of the CNIL (the French Data Protection Authority) are easily recognized. In these countries, and elsewhere, the main issue, however, was to educate people about the problem of data protection and the GDPR to prevent them from making errors. At ACTITO, we recommend transparency, a culture of trust and communication: customers must feel that they are a priority and must know that their voice is heard and that someone is listening. Watch our Spring '18 Release – GDPR Special again to find out more about how ACTITO adapted its marketing automation platform to be GDPR-compliant.

"GDPR-compliant": a biased use of certain terms

Benoît De Nayer is adamant: GDPR is a continuous process, there is always something that needs to be done, an improvement or a correction to be made and new things to be developed. New profiles have emerged (including the DPO, who is in charge of checking that everything has been done to implement the GDPR across the organization). As such, it is crucial that processes can be tested, taught and, where necessary, repeated to improve GDPR-compliance. The GDPR is still a relatively recent regulation, which can be improved, and which gradually eliminates any existing grey areas. It is clarified and evolves, in step with companies’ experiences, which is why communication is so important.

Ten steps to ensure continued GDPR-compliance: check?

One year ago, we published a pocket guide listing the ten steps to ensure continued GDPR-compliance. Some of these ten steps were relatively easy to validate, whereas others continue to evolve or are continuous processes. Where do you stand at the moment?

Consent and opt-in: two different things!

Consent and opt-in are often considered synonyms, which probably also explains possible errors. There is a very subtle difference between consent and opt-in. Consent is generic and relates to the marketing objective, whereas opt-in implies the notion of a channel. When users give their marketing consent but refuse to opt in to receive text messages, this should not be taken to mean that they are not interested in receiving newsletters or paper mail. The opt-in implies marketing consent. However, the reverse is not true. If users do not give their marketing consent, then you cannot link any opt-in to their profile. How do you obtain valid consent, then? Perhaps this would be a good opportunity to reread our article on this topic.

About the author


Benoît De Nayer


Benoît is the co-founder and co-CEO of Actito. Since 2000, he has been overseeing the company's product strategy with humor and flair. He started his career as a lawyer and researcher in consumer law at the Université Catholique de Louvain (Belgium). He holds a master's degree in law from UCL and a master's degree in tax law from the Université Libre de Bruxelles. Passionate about the legal world, Benoît knows the GDPR regulation inside and out.