The application of GDPR ongoes for three months. There was a lot of fear and confusion among companies, but the average citizen was given the opportunity to access their aggregated personal information on social networks, more clearly explained ways and purpose of processing this data when using loyalty programs and sending marketing materials to the email address
Over the past few months, the concept of GDPR has embarked on the collective consciousness of Croatian citizens, partly because of everyday articles on the subject in the media, partly because of requests for irritating consent forms sent by e-mail. Behind this concept is the Universal Data Protection Act (GDPR) that came into effect on May, 25 when its popularity on Google overcame the World Cup at the front, as well as numerous world stars such as Rihanna, Beyoncé, or Lionel Messi. Today, three months after, the number of searches has returned within the usual framework and many portals have ceased to inform citizens and organizations on the obligations the Regulation will introduce. The result of these articles has often been the deepening of confusion and fear of the Regulation and the rigorous penalties it prescribes. On the other hand, the result of the Regulation is a clearer process of processing personal data.
There are three examples in which an average citizen could get acquainted with the Regulation: the ability to access their aggregated personal data on social networks, the more clearly explained ways and purposes of processing personal data when using a loyalty program, and giving them permission to send marketing material to an email address. Related to this, companies have the challenge to identify the personal information in their possession, revise or establish their privacy policies and personal data handling, and establish the legal basis for each process of handling or using personal data in their business.
The best advantage that came with the Regulation is filtering out a large number of ‘newsletters’ that come to our inboxes every day. Prior to the Regulation, many organizations that collected our e-addresses for various purposes unilaterally decided to use them for sending marketing materials. With the Regulation, all these companies have to prove that each individual they send these materials has given them a clear and unambiguous consent, most of which did not have them. In order not to be left without the ability to send marketing materials to masses, the companies sent out panicky consent requests on the 25th of May, hoping to respond as quickly as possible and to maintain their marketing reach.
A lot of workload for the companies