Did GDPR actually make ANY difference to how our data is handled?

Yeah, but if its really helping you I dunno.

Yes, a client of us (an airline) wanted to send an email to a large group of customers (about 85.000). They were only allowed to send it to a group of 500 people because they didn't ask permission in the ordering process.

Yes, and I like it. Now I can ask questions about my data and I must be answered. No more ignores or "we do not provide this information"!

Whenever I'm filling out a paper form I always ask "what are you going to use my contact info for? What do you need my home address for?" and they are obligated to answer.

Got rid of lots of potential spam thanks to GDPR

No. We're still doing the exact same thing as we did, but with more pain, more useless checks, and we annoy customers a lot more in the process.

Oh, and apparently there are new scams out there thanks to GDPR. I got called by "The electric company" that I had a contract with, and telling me that the company is gone bust, and they need to make another contract with me fast. When I asked them to send me details over e-mail, they used GDPR as a pretext to not being able to provide more info, to not being able to send me e-mails because that's breaking the law, and that I had to accept over phone, and yadda yadda.

Look. It's all bullshit. Thanks to GDPR we now have a shit ton more pop-ups on every single site, that consumes valuable time and traffic, and that can actually hide malicious JS.
Nothing else changed.

Yes, you can take a look of what data has been collected

@AndSoWeCode How would that hide malicious js?

Except for that, at least over here it has already changed some stuff for the good (having more choice as for being tracked online, huge fines for companies who mishandled data, I don't get Dutch spam emails anymore and more)

Just wondering when Google (and facebook) will get their first fines :)

@linuxxx it forces a user action, to click on something. I haven't done frontend development in some time, but in the past the browser imposed some security on certain actions.
For example you couldn't submit some kind of forms if the function call is not a result of an user action (click).
There have also been malicious sites in the past that would fish a click from the user and that would exploit a vulnerability in, say, Facebook, to post from your behalf.

I don't keep track of this stuff any more, but I've learned that there is A LOT, and that any page I visit for the first time deserves as few clicks from me as possible.

There's also the privacy factor. I can't track what information a website is tracking, but if I started a Session on a potentially clickbait site, I don't want to send another event with my click and give them more info about my visit.

I want the old fashioned way - I click, read the tile and top few rows, and if I like what I'm reading - I stay.

@linuxxx with the <insert big company name that handles hundreds of thousands of customers> that I work at, nothing really changed. We were responsible with customer data in the past, we respected customer wishes (if we spam a customer, that customer is lost to us). Nothing changed on this front. It was in our best interest to serve the customer in the best of our ability.

What did change, was that some people had to write a fucking dissertation on customizing tracking scripts. Why? Because when faced with any dialog, customers don't even read it, and press the "X". When interviewed, most opted in for being tracked if that improved their website experience (for us to know what they're looking for, based on past behavior), and save their time in the process. But when faced with that dialog, around 10% press the button to accept being tracked.

It's an exercise in framing (referring to Kahneman's work), and GDPR forces a kind of framing that deters user-friendly interaction.

@AndSoWeCode Hmm I get what you mean but wouldn't more upset interaction mean that tracking options would be available?

If you'd remove those, the visitor wouldn't have as much choice as for opting out of tracking (whether you care about that or not, it should be a choice you can make).

As for the big companies, it actually has resulted in huge fines already over here and companies being forced to respect customers wishes when they didn't have to at first so over here it's already made a difference.

@linuxxx less than 5% of people understand what "Tracking" means. The word itself is misleading and framed in a negative connotation. People can't choose what they can't understand. And they don't want to understand about it when they're trying to see how much a vibrating waterproof rubber duck costs on a particular website.

As for big companies - they're the ones usually following customer wishes best of all. Small companies are the biggest culprits. For example when I had to pay the city tax in Milan, the representative of the company that provided rental apartments simply called someone on the phone and started dictating info from my passport and my debit card. That's like one of the most important parts of GDPR being shat on. And if they did that in front of me, how do you think, what's gonna happen with my check-in form and other, quite sensitive personal information?

And small companies get away with it. Big companies wouldn't even dream of it.