GDPR is upon us. After months of articles, information, speculation, and warnings—alongside a few large and controversial data breaches—the deadline of May 25th came and went in somewhat anti-climactic fashion.
Some have likened it to another Y2K scare that will come and go and pass into the dustbin of history.
R-E-S-P-E-C-T: Show GDPR a little respect
In reality, GDPR means big changes, and businesses should give it the same respect they would give to a high voltage line. As there have been no high-profile data breaches yet to demonstrate the seriousness and severity of enforcement the GDPR will mandate, we likely will not know how stiffly the laws will be applied until the first fines are handed down.
Will larger companies exemplify the dictum that with great power comes great responsibility, and greater consequences for mistakes or negligence?
Consider how a high voltage line looks exactly the same when it is dead as when it is live – therefore it’s deadly. The line can go from dead to live without having to demonstrate its sudden power, and not until some unfortunate person comes into contact with it are we aware of it. Treating it as though it is hot seems like a worthwhile adaptation of Pascal’s Wager.
Show me the data: If you’re not GDPR compliant, you’re asking for trouble
About 80% of US companies will not be GDPR compliant by the end of 2018. This is because many don’t realize that they operate within the geographic jurisdiction of this new regulation.
One survey reported that only 16 percent of US companies believe that GDPR even applies to them, which, according to Richard Levick, “just doesn’t jibe with marketplace reality.”
It is reasonable to assume that should your business come under scrutiny and/or experience the misfortune of a data breach, you are likely to find more leniency and understanding if you are actively planning and working toward compliance than if you are not.
Paul Jordan, managing director of the IAPP in Europe, said, “I think it’s quite clear that a number of companies won’t be ready [for GDPR], but if they can demonstrate they have been planning appropriately [then regulators will give them] a certain leeway.”
Businesses must power up GDPR compliance efforts
The GDPR deadline has passed and the regulation has gone into effect without the thunder and lightning of economic crumbling or massive fines. Even so, if you have not yet successfully implemented compliance measures, this is not the time to leave your efforts on the back burner.
It should be no surprise that many businesses haven’t even addressed the issue of GDPR compliance. What if you’re one of those? You cannot remain neutral. Your silence will answer for you.
Whether you mean it or not, ignoring GDPR compliance will say to many consumers that you have been found out and your business model cannot function without the abuses and manipulation that GDPR means to end.
If you’ve been holding out or playing “wait and see what really happens,” it’s time to act while you can still get in on the first wave. When 70% of consumers don’t trust that companies are using their data ethically or responsibly, showing your hand and being transparent will go a long way in retaining your customers’ trust.
High voltage lines can bring life and growth or injury and death, depending on how you approach them. With proper understanding and preparation, one can approach and handle high voltage lines without injury, and those lines can power schools and hospitals and businesses. Likewise, GDPR can still become an advantage for businesses that approach and engage it with the proper understanding and preparation.