GDPR one year on: 5 things we’ve learned about scaling a privacy programme
Remember when GDPR was coming into effect last year, and every organisation we’d ever had contact with decided to send an email?
Some asked for our consent, some just checked in. More knowledgeable companies, or those who had taken good advice, didn’t email at all, trusting that solid privacy practices in the lead-up to GDPR made it unnecessary.
At the time, we shared details of our privacy programme; one year on, we’ve had a chance to experiment. We’ve learned some of what works, and what doesn’t. And regulatory guidance, events and enforcement have started to shed light on what good looks like for GDPR.
Yet the discussion at every privacy event I’ve attended in the last year, and every panel I’ve spoken on, inevitably turns to one topic...