Responses in the email newsletter industry have varied from OMG to Who Cares, and we still don't know what the implications will be. Will non-profits and small businesses be ignored while the EU pursues deep-pocketed companies? Will the impact vary much from country to country? How much will European citizens (and British citizens) report on problem behavior they see? How much non-compliance will be tolerated?
Law.com: One CLO Tested His Employees’ GDPR Knowledge. He Was ‘Shocked’ at What He Found, 2018-Aug-2, Interview of CLO John Boswell of SAS Institute by Phillip Bantz
“After we had done hours and hours of training, we did [the calls] and we were shocked at how poorly we did as a company,” Boswell said. “It showed us that although we did all this training, we weren’t doing it right or we weren’t as effective.”
While the results of the test were disappointing, Boswell used the experience as a teachable moment to “see where we missed the mark.” He said he plans to test another random sample of SAS’s more than 14,000 employees at some point in the future.
...Boswell eagerly awaits additional guidance from the EU Data Protection Authorities that enforce the GDPR.
Under the law, the definition of personal data is broad, encompassing everything from Social Security numbers to email and IP addresses. This means SAS has to jump through new regulatory hoops whenever it shares a bank of emails with another company to validate software, Boswell said.
“Over time, hopefully we will get a sense from the regulators in Europe as to what they care about and what they don’t,” he said. “Right now, every company in the world is out of compliance with the GDPR in some way. The only question is how bad is OK?”