The GDPR is coming and even though it is an EU law, it will have a profound impact on businesses around the world, even those that don’t have a physical presence in the EU.
That’s because the GDPR’s protections apply to all individuals within the Union, and non-EU companies that control or process data from individuals in the EU are expected to register a representative and comply with the law. Those that don’t face stiff penalties, including fines of up to €20 million or 4% of global annual turnover.
Those fines likely explain why, according to a survey conducted by NetApp, which polled over 1,100 C-suite executives, CIOs and IT managers, companies around the globe are worried about the potential effects of the GDPR on their businesses.
44% of the companies NetApp surveyed fear that they could lose revenue because of a failure to comply with the GDPR. In the US, the percentage is even higher, with just over half of companies expressing this concern.
Globally, half of companies also worry that a failure to comply with the GDPR could result in reputational harm, a fear that doesn’t seem misplaced given the fallout from Facebook’s Cambridge Analytica scandal. Econsultancy’s own GDPR research shows a starker picture, with 70% of brands very or somewhat concerned about the damage to brand reputation associated with non-compliance.
But the concern around GDPR compliance cuts way deeper than revenue loss and reputational damage. Globally, 35% of companies fear that the financial penalties possible under the GDPR could imperil their very existence. In the UK and US, over 40% feel this way, according to NetApp.
Unfortunately, while awareness of the GDPR is relatively high, two-thirds of companies are not confident they’ll be in compliance with the GDPR when it goes into effect. Beyond the general complexity of the GDPR, there’s a seemingly good explanation for this: well under half (40%) of those polled by NetApp indicated that their businesses are confident they know where their data is stored.
According to NetApp, “Understanding where data is stored is the first step for businesses towards GDPR compliance.” In other words, it’s hard to comply with the GDPR if you don’t know where the data you’re required to protect actually lives.
Econsultancy’s GDPR research is perhaps more optimistic than the NetApp figures, with 33% of client-side marketers saying they already have a plan or framework in place for compliance and 50% saying that whilst they don’t yet have a plan, they are working on one.
A silver lining
The good news for companies is that despite any challenges they face in complying with the GDPR, the opportunities will arguably far outweigh the costs. As Kieran Flanagan recently explained, the GDPR will help companies deliver better user experiences and use their data more effectively.
“If you focus on this as an opportunity to improve how you handle data and how you engage with your prospect and customers, you’ll see that this is a step in the right direction,” he suggested.
What’s more, given the likelihood that rules similar to those promulgated by the GDPR will eventually be enacted in other parts of the world, including in the US, companies that make the effort and investments necessary to comply with the GDPR should be well-positioned to deal with new legislation. This is likely to be especially true for businesses that embrace the GDPR as a global standard.