Skip to main content
close search
site logo
Dive Brief

The US is not GDPReady — let alone informed

Published April 27, 2018
By
Associate Editor
Flickr; Robert Couse-Baker

Dive Brief:

  • GDPR may be deterring some American businesses from operating in the European Union, according to a CompTIA survey of 400 executives and professionals across industries and businesses in the U.S. Around one-third of businesses don't think the regulation will impact their EU business, and another third think it will negatively impact willingness to do business in countries under GDPR's scope. The remaining companies are unsure.
  • Confusion abounds over GDPR's geographic scope and what type of companies it will affect. Only one-quarter reported being "very familiar" with GDPR, and around 30% believe the regulation doesn't take effect until the end of the calendar year. Around two-thirds of American companies are unaware of the fines imposed by GDPR for noncompliance — 4% of global annual turnover or approximately $23.8 million (whichever is greater).
  • About half of respondent companies are either fully, mostly or somewhat compliant, and despite associated costs most reported secondary benefits from conducting data audits, readiness assessments and other compliance measures.

Dive Insight:

Compliance efforts have been lagging around the world, but for companies outside of the European Union, deferring to a foreign regulation and upending internal processes to comply may be counterintuitive. GDPR may not readily apply to companies without an EU footprint or user base, but as more vendors and providers roll out global compliance solutions and have to hold partners accountable, businesses that thought they were exempt could still be caught in the crosshairs.

Google, for example, released requirements for advertisers and publishers on its platform related to user consent and paths to revoke that consent. An American company confined to the geographic regions outside of the EU is still subject to these policies.

Box, a cloud content management company, assesses and audits vendors handling personal data in accordance with GDPR compliance mandates. If an American company wants to do business with this Silicon Valley-based cloud company, it too must meet the new data protection standards. 

Even when compliance doesn't appear mandatory or unavoidable, recognizing and adjusting to the new global data protection paradigm being ushered in by GDPR can be beneficial for a business in the long run. GDPR is ultimately a tool to protect the data rights and privacy of individuals, and by holding companies accountable to these individuals promotes data-centric business models and cultures.

Recommended Reading

Filed Under: IT Strategy

Editors' picks

Company Announcements

View all | Post a press release
Cloudbeds unveils industry’s first ‘smart hospitality engine’, powered by causal and multimoda…
From Cloudbeds
October 23, 2024
Newgen Recognized in Gartner® Magic Quadrant™ for Enterprise Low-code Application Platforms Fi…
From Newgen Software
October 30, 2024
Traceable Releases 2025 State of API Security Report: API Breaches Persist as Fraud, Bot Attac…
From Traceable AI
October 30, 2024
DigiCert Welcomes Lakshmi Hanspal as New Chief Trust Officer
From DigiCert
October 24, 2024
Editors' picks
Latest in IT Strategy
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell