Skip to main content
close search
site logo
Dive Brief

The US is not GDPReady — let alone informed

Published April 27, 2018
By
Associate Editor
Flickr; Robert Couse-Baker

Dive Brief:

  • GDPR may be deterring some American businesses from operating in the European Union, according to a CompTIA survey of 400 executives and professionals across industries and businesses in the U.S. Around one-third of businesses don't think the regulation will impact their EU business, and another third think it will negatively impact willingness to do business in countries under GDPR's scope. The remaining companies are unsure.
  • Confusion abounds over GDPR's geographic scope and what type of companies it will affect. Only one-quarter reported being "very familiar" with GDPR, and around 30% believe the regulation doesn't take effect until the end of the calendar year. Around two-thirds of American companies are unaware of the fines imposed by GDPR for noncompliance — 4% of global annual turnover or approximately $23.8 million (whichever is greater).
  • About half of respondent companies are either fully, mostly or somewhat compliant, and despite associated costs most reported secondary benefits from conducting data audits, readiness assessments and other compliance measures.

Dive Insight:

Compliance efforts have been lagging around the world, but for companies outside of the European Union, deferring to a foreign regulation and upending internal processes to comply may be counterintuitive. GDPR may not readily apply to companies without an EU footprint or user base, but as more vendors and providers roll out global compliance solutions and have to hold partners accountable, businesses that thought they were exempt could still be caught in the crosshairs.

Google, for example, released requirements for advertisers and publishers on its platform related to user consent and paths to revoke that consent. An American company confined to the geographic regions outside of the EU is still subject to these policies.

Box, a cloud content management company, assesses and audits vendors handling personal data in accordance with GDPR compliance mandates. If an American company wants to do business with this Silicon Valley-based cloud company, it too must meet the new data protection standards. 

Even when compliance doesn't appear mandatory or unavoidable, recognizing and adjusting to the new global data protection paradigm being ushered in by GDPR can be beneficial for a business in the long run. GDPR is ultimately a tool to protect the data rights and privacy of individuals, and by holding companies accountable to these individuals promotes data-centric business models and cultures.

Recommended Reading

Filed Under: IT Strategy

Editors' picks

Company Announcements

View all | Post a press release
New Research Reveals AI's Impact on IT's Power, Status, and Pay
From 1E
November 21, 2024
PointFive is Apparently the Hottest Cloud Startup, Here is Why
From Jordan Mitchell
November 21, 2024
Viz.ai Wins Prestigious Prix Galien USA Award for Best Digital Health Solution
From Viz.ai
November 12, 2024
Newgen and Fadata Join Forces to Optimize Insurance Content Management
From Newgen Software
November 13, 2024
Editors' picks
Latest in IT Strategy
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell