Much like Y2K, the long-awaited and much-feared GDPR compliance drop dead date of May 25th came and went without much ado. This left many of us, both in business and in the legal field, asking, “Now what?” As we await new guidance, precedent, and law informing how the EU’s Genera Data Protection Regulation will be enforced, one fact remains clear for our clients: now is as good a time as any to double down on compliance to ensure your company is GDPR ready.
Recent reports found that 85% of firms and companies in both the EU and the US were not prepared to fully comply with GDPR by the May 25th deadline. The same reports estimated that 25% of EU and US companies will remain unable (or unwilling) to comply through the end of 2018. These reports come from surveys taken from 1,000 executives across eight countries, including the US.
What this tells us is that many businesses do not fully appreciate the two biggest reasons to become GDPR compliant: 1) to avoid the draconian penalties for violation of the GDPR, and 2) to gain an early competitive advantage.
Why Should You Comply?
As noted in our earlier client alerts, GDPR penalties for noncompliance are clear and harsh. Companies can be fined up to 4% of the enterprise’s worldwide income, or up to 20 million euros for every individual infringement. You read that correctly – per infringement. While we do not yet have a historical record of enforcement and penalties to look to, we can only assume these harsh measures will be used as a tool to ensure wide-spread compliance.
In addition, few companies are realizing the competitive advantage offered by GDPR compliance. Rather than viewing the GDPR’s requirements as an unnecessary headache, companies should welcome the opportunity to beef up data protection and privacy practices in a business environment fraught with constant breach incidents and privacy mishaps. Boasting the most up-to-date and cutting-edge privacy and data practices can be a clear and strong differentiator in a marketplace full of consumers who are not only sick of having their data compromised, but who, studies show, are also willing to spend up to 24% more with companies they trust as secure. Also, in the process of becoming compliant with the requirements of the GDPR, companies will have built more robust infrastructures allowing for greater data-led business decisions – critical for any company hoping to succeed in today’s economy.
Can We Still Comply?
Yes – and now is the time. The basic GDPR requirements are straightforward, and include the following:
As a start, follow the steps below to begin the compliance analysis in your organization:
Although no one is sure how GDPR enforcement will play out, we do know that many companies are taking unnecessary risks by avoiding compliance, and are missing out on business opportunities as a result. Particularly now, data and privacy protection initiatives must be high priorities for any organization looking to thrive in the modern marketplace.