Looking to connect and grow your business? Download our free eBook

After GDPR: What’s next for privacy policy?


It’s been over a month since GDPR came into force on 25 May and the dust has now had plenty of time to settle. As companies emerge from the rush and confusion that GDPR brought about over the last year or so, we can begin to appreciate the reality of what GDPR has changed and what we can expect in the future.

GDPR was always intended to be a regulation that would be constantly amended and updated, ensuring to consistently defend the rights of individuals and their personal information in years to come.

With GDPR only just coming into effect, it’s difficult to be certain of what exactly is coming, but here are some likely possibilities:

Greater focus on cookies

Cookies were already a relatively large focus for GDPR in its current regulatory form; under GDPR, it is required that any individual or company operating a website disclose which cookies were embedded on their site, as well as what information was being recorded and for how long. However, we’re very likely to see significantly tighter regulations for cookies in the near future as part of the EU’s ePrivacy Regulation, due to come into force sometime in 2019.

The primary change that the ePrivacy Regulation aims to create is for websites to enforce cookie policy agreement on a cookie-by-cookie basis before the website visitor can gain access to the site content. What this means is that users will need to consent to each cookie recording their data before they can advance to the site itself – a notable change from the generic ‘I agree’ option offered by many cookie policies today. Cookie management plugin provider, www.cookiebot.com provide an example of how these post ePrivacy regulation consent banners may appear.

Introduction of a US data privacy policy

While all European businesses have been obliged to fully comply with GDPR, the same cannot be said for their US counterparts. Though the USA is home to some of the world’s largest data processors and controllers with huge European audiences, American businesses have been subject to much less data privacy regulation to date, as GDPR only impacted US businesses operating or serving customers in Europe. Rather than step in line with GDPR, some US-based companies have taken the drastic step of suspending service for customers based in the EU rather than work on their compliance.

Nevertheless, this could prove futile as the US is currently devising their own data privacy policy, which is likely to involve similar compliance requirements to GDPR. The exact specifications and effects of this regulation remain to be seen, but it can be safely assumed that as many organisations based in Europe have connections to the US, the impact, regardless of its size will be felt here.

New or refocused regulations

GDPR has been publicly accessible since 2016, meaning that it is likely that new or updated regulations will come with a similar grace period of around two years. However, there is no telling how significant any potential changes may be, and there are no guarantees as to how long data processors or handlers would have before compliance with these updates became obligatory.

Because of this, it is essential that individuals and organisations alike keep up-to-date with GDPR developments. The ICO website is a great resource, which businesses can refer to on a regular basis to ensure they continue to comply with GDPR as it evolves.

Throughout our GDPR blog series, the key takeaway has always been that businesses have to be proactive when it comes to compliance. It is far better to be over-prepared than to incur the serious financial consequences from the ICO; so be sure to keep up-to-date with what is required of your organisation when it comes to personal data regulation.

If you’d like to find out how to keep your Dynamics system up-to-date with future GDPR developments, get in touch with a member of our team.

Get In Touch

If you wish to get in touch, please contact us using the details below.

City Dynamics . 131 Finsbury Pavement . London . EC2A 1NT