When it arrived in 2018, the new Regulation caused quite a stir. This reminder of the rules within a digital world that was still akin to the Wild West made some people anxious. However, others have taken advantage of it. Let's take a look back at 3 years of GDPR.

The General Data Protection Regulation (GDPR) has been effective at pressing where it hurts. Since its implementation in 2018, various authorities have issued fines totaling €386 million, worldwide. With some record-breaking amounts (CNIL has recently hit Google with a new record €100 million fine). And the "crackdown" continues to intensify. In Europe, this year has seen a 65% increase in penalties compared to 2019, with average fines rising by 7%, and the year isn't over yet.

Double Trouble

But the repercussions for businesses aren't just financial; they are predominantly reputational. Google's own search engine indexes 1,300,000 results mentioning its violations of the GDPR (quite the irony). The mark left is permanent. And it's twice as substantial as Usain Bolt's record-breaking performance at the Beijing Olympics (not all records are created equal).

The result is a further erosion of trust. This year, data protection is the third leading reason for 16-25-year-olds leaving Facebook in France (17% of reasons). After several missteps (Cambridge Analytica being the most notorious), 74% of its American users have taken steps to redefine their social media experience. It's all about trust between a brand and a user who shares their personal data. The breach of trust doesn't stem from the data collection or even its use, but rather from its recovery by a third party.

Building Greater Trust

But GDPR can also be an opportunity for businesses. Firstly, it enhances cybersecurity and digital skills. Secondly, it restores the trust contract with customers, through transparency. Today, 74% of internet users consent to a site's privacy policy without ever reading it. These pop-ups are disruptive to their browsing experience. Yet, they create the impression that the brand is merely covering itself legally to comply with regulations, like the fine print in an insurance policy, rather than genuinely caring about security or trust.

This is a fantastic opportunity to explain, with greater clarity and less legal jargon, the commitment that companies make to safeguard their customers' data. Have we ever questioned why all these pop-ups are so verbose and why they all seem alike?

The Saying "If It's Free, You're the Product" Is No More

That's what the new generations teach us. Far from being oblivious to how their data is used, they understand the benefits they can derive from brands that know them. Data isn't drained by brands; it's exchanged for services (affinitive content, personalized ads, exclusive promotions, etc.).

Let's not get the issue wrong. The goal isn't data confidentiality; it's the trust between a user and a brand.