GDPR or something like it
26 April 2018
As we head into the last month of GDPR preparations it is interesting to see how US companies are treating the sea change in how personal data is generated, stored and processed. Based on Mark Zuckerberg’s performance in front of Congress earlier this month we know there is broad agreement among informed lawmakers that GDPR is perhaps something worth emulating. Zuckerberg himself, in calling for some form of regulatory oversight, came out in broad agreement with its principles, if not its execution.
While the tech giants figure out what they can still get away with, the good news for consumers is that we are seeing movement on policies and features that will protect us from ourselves. Facebook-owned WhatsApp has raised the minimum age at which users can sign up for accounts from 13 to 16. Don’t get too excited, though: Facebook itself is moving the data it holds on its non-EU users out of Ireland and back to the US, removing a headache for the Office of the Data Protection Commissioner and creating one for everyone who had been relying on EU jurisdiction.
Google, too, is showing off a range of G Suite tools for consumers and businesses, such as expiring messages, that should limit the amount of data held on its servers, at least for your account (copies downloaded by recipients are another matter).
But what about the smaller businesses looking to operate in the EU? According to a survey released by the Computing Technology Industry Association (CompTIA) this week, US businesses have, at best, a limited understanding of GDPR.
The study of 400 professionals across all sectors showed that 52% had a limited understanding of GDPR, considering it either not a problem, something they were only exploring, or something they were generally unsure about. The survey also showed a number of misconceptions, such as whether it applies only to companies based in the EU or also to those merely doing business there, and whether it applies only to multinationals. There was even confusion as to when it comes into effect: a third of respondents put its effective date at the end of the year. Oh, and two-thirds were unaware that non-compliance can attract fines of up to €20 million or 4% of global annual turnover, whichever is higher.
Given these statistics it probably comes as no surprise that only one in four respondents claimed to be ‘very aware’ of GDPR, only 22% had a compliance plan, and only 21% had conducted a data audit.
Like many, I’m convinced the import of GDPR won’t be felt until the first round of fines is handed out. For small non-EU businesses, compliance forces one of three decisions: invest in it; hope no one notices your substandard practices; or decide that the cost of doing business in the EU outweighs the benefits and pull out.
There will be kicking, screaming and evasion in the short term but I think GDPR or something like it will become a gold standard in business and that compliance will more than pay for itself. In any case, where’s the harm in being able to show your customers you are an honest actor when it comes to their data?
Four weeks and counting.