The GDPR turned from a threat to a reality at the stroke of midnight in European Union (EU) countries today — and for many businesses with an online presence, the results aren’t pretty.

Many high-profile websites, including the Chicago Tribune and the LA Times, were suddenly unavailable to readers in the EU.

And privacy activists have already Facebook, Google, Instagram, and WhatsApp of breaching provisions of the GDPR.

GDPR Reinvents Data Protection

The General Data Protection Regulation (GDPR) — the EU’s new legal framework for data protection — creates sweeping changes in privacy protections. The rules aim to protect all EU citizens from privacy and data breaches and create a clearer and more consistent framework for digital businesses.

The legislation went into effect today, bursting the illusions of procrastinators who have shrugged off compliance for more than two years. The regulation was adopted on April 14, 2016.

Pinterest-owned Instapaper, a read-it-later service that lets users ‘clip’ articles and pages, had to temporarily shut down its service in Europe because it failed to adopt compliant data protection rules.

About the GDPR

The GDPR fundamentally changes how data is used, protected, and controlled — and forces marketers to rethink how they communicate with consumers. It shifts the balance of power to consumers by expanding their rights to modify, delete, and receive copies of the data an organization holds on them.

The law protects personal data and regulates the processing and transfer of personal data by data controllers — an entity who determines the purposes, conditions, and means of the processing of personal data — and data processors — those who process personal data on behalf of data controllers.

The General Data Protection Regulation “will impact every website, brand and digital ad technology company that touches even one consumer across the Atlantic,” Ad Age’s Garett Sloane wrote recently.

But only a fraction of websites are fully GDPR compliant, according to a survey from business analytics leader SAS.

Less than half (46 percent) of the global organizations surveyed expected to be compliant by the time the GDPR went into effect today. Among surveyed U.S.-based organizations just 30 percent expected to meet the deadline. In the EU, 53 percent expected to meet the deadline.

Is Your Site Accessible in the EU?

The first thing companies should do today is check whether their site is still accessible in the EU. Even if it is, tread lightly. Continue to check your site once a week for the coming week as the implementation period is likely to take several months.

And in the meantime, make sure you have a structured plan in process to comply with GDPR. Make sure you:

  • Determine all sources of personal identifying information (PII) and personal sensitive information (PSI)
  • Know where this data is located, why is it stored, and how long is it kept
  • Map your system data
  • Be clear who has access to your PII and PSI
  • Encrypt your data
  • Test and document your security
  • Document and discuss the location of your servers with your legal team
  • Make sure you have the right technology solutions to ensure compliance

Arke Offers GDPR Help

For the past several weeks, Arke CEO and Co-Founder Eric Stoll has discussed the practical application of the GDPR.

His articles are designed for those who use marketing technology platforms for websites, marketing automation, and customer relationship management (CRM).

You can review the insights here: