GDPR - four years on

When the privacy regulation, better known as GDPR, was introduced four years ago it created both uncertainty and headaches for many. What did the new changes entail, and how was this going to be implemented? Since the launch there have been several adjustments, and stricter measures have also been introduced. Even though several companies have been heavily fined, has it changed anything?

The reason for GDPR

Privacy is anchored in Article 8 of the European Convention of Human Rights with the following wording: "Everyone has the right to respect for his private and family life, his home and his correspondence.»

Today, many think of privacy as a matter of course, but it wasn’t until the 13th May 2014 that the Norwegian Parliament decided to further strengthen this protection by including it in the Constitution.

On the 25th May 2018, the European Union introduced further measures/stricter rules/higher measures with a set of regulations applicable for all member countries of the EU. This is what we today know as GDPR. On the 20th July of the same year, new regulations were introduced in Norway. The GDPR aims to further increase the privacy of all citizens in the EU and EEA with common legislation across national borders.

Privacy means that all people have the right to privacy and to make decisions about their own personal data. This also largely entails the right to have influence over the use and dissemination of one's own personal data.

Fines of up to 4% of yearly turnover

On the very same day that GDPR was introduced to the EU, the first complaints came in about breaches of the privacy rules directed at several giant companies such as Facebook, Google and Instagram. In Norway, several violations of privacy have also been reported, and it is not only the private business sector that this is aimed towards. Bergen was the first municipality in Norway to receive a fine of 1.6 million NOK. Since then, there have been pouring in with more fines. 2021 was a record year for issuing GDPR fines with a total of NOK 10 billion.

2021 was a record year for GDPR issued fines, with a total fine of 10 billion NOK.

It may seem like the largest companies calculate the risks and are not intimidated by the fines, especially when they win more than they lose.

The Norwegian Data Protection Authority claims companies that operate at the edge or above the law are also the ones that generate the most income.

Despite a set piece of legislation, changes and adaptations have been necessary since its introduction, which is not surprising as the law is still very new and technological developments happen all the time. However, some individuals like to interpret the legislation and put their own twist on things which unsurprisingly rarely works out in the user’s favor/works out for the individual.

An example of this is the "consent" boxes. You know, the ones that keep popping up no matter where you go online. The purpose of the "consent" boxes is to give users a choice as to whether they agree to be tracked and wish to share their personal data with the owner of the website or not. Firstly, there are great variations in how these are set up and it is not always as easy to opt-out or say no to. In other words, they are not always very user-friendly.

Did you know…
Google alone tracks 75% of all websites!

If you are given the opportunity to decline the sharing of your personal data, you should still not feel safe! It turns out that several websites do not respect your "no" and continue to share or take a very long time to delete your personal information. Kobler's own CEO Erik Bugge took strong action when he chose to block all websites from sharing his personal data. The result was that only 27% of the > 2,500 refusals to consent to the sharing of personal data were actually respected or registered his consent choice as no.

Are you one of the many who mostly click "accept" when the question about sharing data pops up on a website you visit? Or are you responsible for a website with a "consent" box? Then you should become completely aware of what it is you are actually giving your consent to. Not only for yourself but also for your company.

Too many people agree to pass on valuable data that can go to places like your competitors. "If you leak your customer data, you are in danger of losing your position", said Erik Bugge at the Green Camp conference earlier this year. Watch his presentation on what actually happens when you give your consent

Do you want to delete your search results?

Check out the Norwegian Data Protection Authority's instructions on how to delete your search results.

Going forward

There is no doubt that GDPR is here to stay. We can also say with certainty that there will be more adjustments to the legislations in the future. Unfortunately, it is not always easy to stay up to date with the ever-changing legislation/rules, though it is an important part of any marketer's job.

This autumn, in collaboration with ANFO, we are organizing a breakfast seminar with exciting and knowledgeable guests from the entire marketing industry joining a panel debate. We look forward to important discussions, hearing about various experiences, and you will also get useful tips and advice that you can implement in your everyday life.

Date: 27 October 2022
Time: 09.00-10.30

More information and registration at Anfo/events.