At the start of 2018 many of us wondered whether GDPR “would stick.” Would GDPR be enforced rigorously, or rarely? Would other countries adopt similar laws? And perhaps most relevant to us, how would it impact marketing automation?
2018 as a Marketing Turning Point…
Now as we start 2019, the writing appears to be on the wall. In 2018, the horrors of the abuse of PII (Personally Identifiable Information) impacted the world to a greater degree than ever before:
- Over 2.6 billion records were exposed,
- 500 million from Marriott/Starwood alone
- 1.5 billion Social Security numbers were stolen
- Both Google and Facebook PII was stolen (and now Amazon has a data scandal)
But perhaps most important of all is the impact.
Not only were money and identities stolen:
- elections were influenced
- major brands of routers were penetrated (Netgear, TP-Link, Linksys, ASUS, D-Link, and Huawei)
- major institutions like the Olympics, National Health Service Cathay and British Air, and the city of Atlanta were hacked or held hostage
- and even weapons and weapon systems were hacked.
Fines and Injunctions
In addition, the fines, orders to stop processing, and other injunctions are coming in. In the UK alone, the ICO fined over a dozen companies hundreds of thousands of pounds each, including Facebook, Uber, and even the Crown Prosecution Service (equivalent to the US Department of Justice). Facebook now faces a second possible fine of up to 1.6b euros for their Cambridge Analytica breach. In light of the tremendous impact of PII being stolen, it seems almost a given that many more will come as the DPAs (Data Privacy Authorities for each country) spin up to speed.
Law Makers Taking Notice
And politicians are catching up. According to the UN, 58% (107 member countries) now have PII regulations in place, up from 62 countries a year ago. Even individual states like California and Vermont have new PII laws in place, with California’s law scheduled to take effect on January 1, 2020, less than a year from now. Both the US Senate and House of Representatives are actively considering privacy legislation similar to GDPR.
So as marketers, Privacy Law is HERE. Legal PII considerations are no longer optional. Tracking when, why, and how you gather names, how long you keep them, and whether you have consent is now going to be required for marketing survival. It’s now too late to “get ahead of the curve.” All you can hope to do is catch up.
It’s hard to see history being made while living through it. But in retrospect, 2018 was an amazing year for human rights, and a crucial turning point for marketers. We must now adapt quickly and dramatically to this new world to keep our jobs, avoid corporate legal jeopardy, yet maintain our lead flow.