That’s right, Europe’s General Data Protection Regulation (GDPR) just turned two years old. Seems like just yesterday this new legislation was the hot topic, and organizations were spending big dollars and months of development resources to ensure they were in compliance. Many were sure these new data privacy regulations would trigger millions of dollars in big fines, and even jeopardize the existence of some companies doing business online.
Fast forward two years, and there’s a lot of online discussion about what exactly GDPR has done for data privacy and the way companies look at their own roles in protecting consumer information. We haven’t seen the level of immense fines everyone anticipated, but GDPR has done much to elevate overall focus on compliance.
Consumers have greater awareness of how their information is used/shared
It’s been a long and slowly increasing trend, but consumer awareness about data privacy is gaining momentum. GDPR has helped by further bringing to light the way businesses gather personal information, the types of information they gather, and the rights consumers have over the protection of that data. In turn, companies doing business under GDPR are forced to handle that data with greater focus on compliance, including improved security controls and even adherence to guidelines that dictate how a company may use consumer data.
And yes, online consumers are also probably seeing a lot more website cookie messages these days. These messages aren’t the “be all, end all” of consumer education, but they are ongoing reminders to be increasingly aware of online privacy measures.
Other countries are aligning with GDPR legislation
By now, you’ve no doubt heard that many countries, states, and local governments are aligning upcoming privacy laws with GDPR regulations. Here in the U.S., there is movement to further address data privacy at the federal level, and California’s new privacy law, the California Consumer Privacy Act (CCPA), became effective on January 1, 2020.
While the U.S., Brazil, and other countries working toward nationwide privacy laws aren’t necessarily developing mirror images of GDPR, they are working with the same general data privacy principles in mind.
Companies must adapt to growing data privacy regulations
Compliance with data law isn’t optional. Enforcement of privacy laws such as GDPR requires companies to keep comprehensive compliance policies and procedures in place and, of equal importance, to regularly review and improve upon those policies to remain current and compliant. Be it GDPR, CCPA, or perhaps even local law enacted in the future, companies have had to focus on data privacy and consumer education, and will need to continue doing so.
So, GDPR may only be two years old, but it is already proving to be far-reaching and important legislation for both companies and consumers.
Happy Birthday, Dear GDPR, Happy Birthday to You.
