Tech companies were recently given an ultimatum: embrace Europe’s new, rigorous privacy laws or pay a price that could be well over six figures. These new laws, officially known as General Data Protection Regulations (GDPR), will be rolled out on May 25th.
A Push to Protect Citizens in the EU
In a nutshell, GDPR is a collection of laws specifically focused on data protection for EU citizens. Though it is a product of European legislation, American companies that sell products or services to EU citizens are being held to the same level of accountability. As a result, companies in both markets are shelling out millions of dollars on lawyers to help decipher exactly what these privacy laws mean. Tech companies are finding this work increasingly burdensome, considering they all thrive on the digital ecosystem of personal information.
Weighing the Risk and Reward
While companies like Google and Microsoft are already getting ahead of GDPR, smaller businesses are scrambling to meet the upcoming deadline. These ambitious tech firms simply don’t have the resources at their disposal to hire a dedicated team of privacy experts. On top of the millions of dollars spent on lawyer fees, many tech companies who regularly handle sensitive personal information will need to bring on new, specialized IT professionals for day-to-day operations. According to recent studies by the International Association of Privacy Professionals (IAPP) and EY, American companies have spent nearly $8 billion preparing for GDPR. If they’re willing to spend that much on a protection plan for themselves, there must be a good reason.
And there is. The alternative is non-compliance, which carries a $24.6 million (€20 million) fine or 4% of annual turnover. Such an alarming and unprecedented number can really put a serious damper on the entrepreneurial spirit. Even people with the utmost respect for customer privacy can make mistakes, especially in the beginning when they are learning the ropes. In these cases, overlooking or misunderstanding what GDPR means could bankrupt an individual or company before it gets off the ground. That is why it is absolutely essential to stay informed about the nature of privacy laws and how they can impact your business. If you don’t, you’ll be investing in a lost cause.
On the plus side, tech businesses that get it right will likely see a favorable return. Whether it’s a B2B or B2C relationship, complying with GDPR demonstrates a number of positive attributes about a business: it is trustworthy, it has a dedicated team of tech experts and lawyers (a huge appeal to corporate prospects), and it values its customers.
We don’t see our personal information floating around in the cloud, but we know it’s there - and so do lawmakers. It will take more than a savvy business owner to find “loopholes” when it comes to data harvesting. There is another option for companies feeling overwhelmed by GDPR: dump the personal data you have and move your business elsewhere. Unfortunately, that is only a temporary fix considering that this reform is widely praised as progress. The EU is just a test subject for what is bound to be a worldwide reform of information sharing. It is best to just jump on the compliance bandwagon now.