The General Data Protection Regulation (GDPR) is not new. In development for over four years, the laws associated with this act recently went into effect in May 2018. Designed for the EU, the GDPR is focused on the issue of consumer privacy in the digital age. Specifically, it holds organizations that collect consumer data more accountable for said information, and gives the consumer more power in determining exactly which data is collected. Obtaining informed consent is also a priority.
Despite the GDPR’s lengthy buildup, research from Keypoint Intelligence – InfoTrends (InfoTrends) has determined that many industries are still far from educated on the topic. We profiled roughly 600 respondents in North America and Western Europe, asking each if their company had prepared for the GDPR. In the telco/utilities vertical, the responses were nearly 50/50. Over 10% of respondents had yet to hear of the GDPR, and another 20% were aware of it but hadn’t yet made preparations. This is no small matter when considering the enormous fines that can come with non-compliance, including a loss of €20 million, or 4% of a company’s worldwide annual revenue.
One of the biggest issues driving non-compliance is likely confusion about which companies are affected by the GDPR. At first glance, non-EU businesses may wonder why it matters to them—the GDPR is, after all, an EU regulation. Although the GDPR was designed with EU citizens in mind, it affects all organizations that perform even a fraction of their business with clients in the EU.
For example, a Mexico-based textile producer might not be directly affected by the GDPR, but this can all change if it hires a marketing firm for data collection to better drive product development. If even one respondent contacted by that marketing firm lives within the EU, then that Mexico-based textile facility would suddenly be completely applicable to GDPR policies.
One of the most important points that can be made about the GDPR is that it isn’t an anomaly—it is simply the first of its kind. Data collection has grown incredibly widespread in the modern business world, and consumers are concerned that businesses are not using their personal information properly. California recently passed its own legislation that is similar to that of the GDPR, and these laws will go into effect in January 2020. Meanwhile, other countries on a global basis are likely to implement the same standards as concerns about cybersecurity grow and consumers become even less trusting of corporate practices.
InfoTrends believes that all organizations should be proactive with data compliance, regardless of field or size. We have recently released the first in an extensive analysis series on data responsibility, and we urge readers to purchase the full report, so they can better understand how new and future legislation will affect their businesses in the future.
