In school, there are always three types of students:

1. those who regularly study and are ready for the exam
2. those who cram the night before in order to just pass the exam
3. those who wing it and hope for the best. The world of digital policy and regulatory compliance is not all that different.

The world of digital policy and regulatory compliance is not all that different.

Recently the chatter around General Data Protection Regulation (GDPR) has increased as we all face the May 2018 “exam” to see if we are compliant with the new European Union (EU) rule. While the goal of the regulation is intended to strengthen and unify data protection for all individuals within the region, it has caused a mixed reaction in the digital marketing world — much like that of students facing an upcoming exam. Rightfully so! There is a lot to think about, including

• The right to be forgotten
• Access to an individual’s data
• The need to inform a user when data is breached
• Data protection by design, not as an afterthought

But this entire situation brings up a bigger question: how does your organization want to behave in regard to regulations and laws that impact digital marketing and online activities? Do you want to be the student that regularly studies and is ready when the day comes, or do you want to wing it and hope for the best?

GDPR has demonstrated — just like accessibility, cookies law, and data breach before it — that you have choices when it comes to digital policy and how you absorb legal changes into your digital space. You can keep up on digital policy and incrementally adopt changes, and thus be prepared for any big new regulations, or you can stay in a reactive mode, rushing to make business and operational adjustments as new requirements come into effect. Or you can do little to nothing, and take your chances — including regulatory fines and lawsuits.

For those who have been staying in lockstep with digital policy trends, GDPR certainly introduces new requirements, but because they have been complying with existing regulations (e.g., data breach, children’s online privacy protection, data localization in some countries, etc.) those requirements will have a contained impact on how digital is executed. In addition, the business may have already been thinking about the relationship with prospects and customers and shifting the marketing strategy to some of these smaller digital policy requirements, which now makes GDPR all that much easier to deal with and implement.

So, as you face the big countdown clock to May 2018, think about the type of digital policy organization that you want to be and determine how you want to position yourself to address GDPR, as well as future post-GDPR regulations. This is just a taste of what you will be seeing in years to come. And it is up to you to decide — will you incrementally prepare so you are ready when the big “exam” comes, or will you cram the night before, or will you simply wing it?

‍