As the May 25th GDPR compliance deadline inches closer, businesses are scrambling to shore up or rebuild their data security infrastructure. This new set of regulations will serve a seemingly simple and positive purpose: to protect the data of EU citizens and clients who hand over access to that data when they engage with companies online. The law ensures that users and consumers own their personal information and exercise a measure of control over what happens to it, and how it can be used, transferred, or shared. The law has been written and will be enforced by the EU Commission, but since many companies in the US—both big and small—serve EU customers, these companies are complying with the GDPR in ways that bring protections and benefits to their US customers as well.
For example, large entities like Google and Facebook are deciding that it’s more practical to apply these new tighter data protections to all of their users, not just those specifically covered by the language of the GDPR language.
So how can this be a negative turn of events? If consumers are notified and informed about their data usage, companies act with greater transparency, alerts are provided in the event of a hack or breach, and consent documents are written in plain language that gives users the right to opt in and out, what could possibly go wrong?
Smaller Companies Struggle to Keep Up
The answer comes from smaller, independent companies and fragile startups who find themselves bogged down financially and administratively by steep compliance requirements. Digital marketing firms, online gaming companies, and other small organizations—especially those with business models that depend on data sharing—may be swallowed up by the changes taking place in this year’s data privacy landscape.
While some may consider this a kind of morality tale—a demonstration of how agility and ethical data management contribute to survival, and detriments in those areas lead to failure—the truth is not so simple. Smaller companies may end up struggling to meet compliance obligations in other markets, clearing the path for larger entities with an already disproportionate hold on market share to dominate. And any change that shifts the balance of success in favor of established firms tends to stifle a climate of opportunity, risk, and innovation.
But this age-story doesn’t have to play out along the same old lines, and in 2018, smaller firms can certainly find affordable, manageable support as they navigate this challenge. These small firms face several options, including developing innovative changes to their business models and revenue structure, data collection efforts, and other internal programs to better comply.
If the GDPR represents an existential challenge to your company and its future, take action before the deadline.