
A 'Wait and See' Approach for GDPR Is Going to Be Pricey for U.S. Organizations Doing Business With the E.U.

GDPR will help you gain more business in Europe. So it's time to implement this new data regulation before next May's deadline.

By Patrick Lastennet Edited by Dan Bova

Opinions expressed by Entrepreneur contributors are their own.


The General Data Protection Regulation (GDPR) is the talk of the business town, at least over here in my native U.K. If you somehow managed to escape this, the abbreviation refers to the major new European Union legislation due to come into effect less than nine months from now.

From May 25, 2018, any organization that controls or processes personally identifiable information about EU citizens must have stringent organizational and technical measures in place (or "privacy by design," as it's been dubbed) to comply with the GDPR.

The new rules are outlined at the regulation website, but include requirements like mandatory breach notification and the right of data subjects to receive confirmation as to whether their personal data is being processed, and for what purpose.

Why should U.S. businesses care? In fact, those that have customers in Europe or even those looking to expand across the Pond should be deep into their planning and implementation phases to get ready for when the regulation becomes law next May. Yet, research by the analyst firm Gartner has already shown that over 50 percent of companies affected by the GDPR will not be in full compliance with its requirements by the end of the looming deadline.

This is despite the fact that 92 percent of U.S. companies affected by GDPR cited compliance with it as a top data-protection priority in a PwC survey of U.S.-based multinationals.

This is hardly a surprise, given that whenever a new unifying law or big piece of legislation like this is proposed, organizations tend to take a "wait and see" approach, to observe how rules are enforced, before they make critical decisions on how far to go with their response.

This stance may prove difficult with the GDPR, however, as fines may range as high as €20 million (almost U.S. $24 million) or 4 percent of global annual turnover -- whichever is greater. My advice to companies, then, is not to be tempted to "wait and see" whether the GDPR rules are enforced, or enforced differently in some countries than others.

Indeed, with this unifying data law just around the corner, a passive approach is a poor plan of attack. Companies need to be ready from the start -- and here are three key reasons why.

1. Customer data must be safeguarded.

There is evidence that suggests that privacy sells. Over the last couple of years, the use of ad blockers has increased significantly globally. A recent report by analytics company PageFair showed that ad blocker usage surged 30 percent last year. There were 615 million devices blocking ads worldwide by the end of 2016, with the key reason for downloading the software being security.

There is also a rising awareness from the consumer side on the abuse of personally identifiable information (PII). This is of great importance to consumers: Their data must be safe, so the onus is on organizations to do this going forward because, first and foremost, it's the right thing to do and the ethical way to do business -- no matter the headache it causes at the start.

2. GDPR rules aren't luxuries, they're solid best practices.

The GDPR is the biggest shake-up to data privacy in a generation, but organizations must remember the overriding principle of these new regulations: to unify data laws across the European continent in order to shift the burden of proof from individuals to organizations. That means that the new rules act as best-practices guidelines for companies to follow. In fact, companies should already have the majority of these in place and now is the best time to start.

A "wait and see" approach makes sense only if the potential risks are outweighed by the efforts required to prevent them. GDPR may require coordination and effort in the beginning, but in most cases, it's just enforcing best practices for data handling and management, so these are steps that companies should be taking as a matter of course.

3. GDPR will ultimately help you win more business in Europe.

Where once citizens needed to show that they were the victims of data misuse or security breaches, organizations must now demonstrate they've taken the right pre-emptive actions to protect personal data appropriately. If your company takes the initiative from the start, this will boost your company's customer base across Europe. Ultimately, proper GDPR compliance will lead to more business wins on the continent.

Beyond the financial implications of the GDPR, which are great, the impact on reputation and brand loyalty can lead to greater financial impact in the long run.

With a new piece of legislation, coverage of the first breaches and fines is likely to be major for the companies involved. I urge companies to spend the time now securing their customer data, and not to run the risk of a headline-grabbing fine and the damage to their brand's reputation by being a test case.

A good starting point is to work with partners that understand the complexities of the European market and regulations, who will help simplify the GDPR compliance process by enabling the security, portability and encryption efforts for your customer data.

Patrick Lastennet

Director, Marketing and Business Development, Financial Services Segment, Interxion.

Patrick Lastennet is director of marketing and business development for the financial services segment at Interxion. He has extensive expertise gained from launching a multilateral trading facility (MTF), managing major product development projects and market data integrations, and possesses a deep understanding of the electronic trading business as well as large-scale IT transformation projects within the financial services industry.

Prior to joining Interxion, Lastennet spent years in a range of senior positions with NYSE Euronext. As head of technology sales and partnerships, he was responsible for the launch of the NYSE Arca Europe MTF. As director of technology and projects for the European Market Data Division of NYSE Euronext, he oversaw the delivery of all European market data services for Euronext and Liffe markets. He also headed the Group’s European MiFID IT work stream and the global delivery of new market data feed platforms across the group.


He started his career at Reu
