A 'Wait and See' Approach for GDPR Is Going to Be Pricey for U.S. Organizations Doing Business With the E.U. GDPR will help you gain more business in Europe. So it's time to implement this new data regulation before next May's deadline.

By Patrick Lastennet

entrepreneur daily

Opinions expressed by Entrepreneur contributors are their own.


The General Data Protection Regulation (GDPR) is the talk of the business town, at least over here in my native U.K. If you somehow managed to escape this, the abbreviation refers to the major new European Union legislation due to come into effect less than nine months from now.

Related: The New EU General Data Protection Regulation: Big Data Protection Gets Personal

From May 25, 2018, any organization that controls or processes personally identifiable information about EU citizens must have stringent organizational and technical measures in place (or "privacy by design," as it's been dubbed), to comply with the GDPR.

The new rules are outlined at the regulation website, but include requirements like mandatory breach notification and the right of data subjects to receive confirmation as to whether their personal data is being processed, and for what purpose.

Why should U.S. businesses care? In fact, those that have customers in Europe or even those looking to expand across the Pond should be deep into their planning and implementation phases to get ready for when the regulation becomes law next May. Yet, research by the analyst firm Gartner has already shown that over 50 percent of companies affected by the GDPR will not be in full compliance with its requirements by the end of the looming deadline.

Related: Beyond the Privacy Fine Print: Making Privacy More Transparent

This is despite the fact that 92 percent of U.S. companies affected by GDPR cited compliance with it -- in a PwC survey of US-based multinationals.-- as a top data-protection priority.

This is hardly a surprise, given that whenever a new unifying law or big piece of legislation like this is proposed, organizations tend to take a "wait and see" approach, to observe how rules are enforced, before they make critical decisions on how far to go with their response.

This stance may prove difficult with the GDPR, however, as fines may range as high as €20 million (almost U.S.$24 million) or 4 per cent of global annual turnover -- whichever is greater. My advice to companies, then, is not to be tempted to "wait and see" whether the GDPR rules are enforced, or enforced differently in some countries than others.

Indeed, with this unifying data law just around the corner, a passive approach is a poor plan of attack. Companies need to be ready from the start -- and here are three key reasons why.

1. Customer data must be safeguarded.

There is evidence that suggests that privacy sells. Over the last couple of years, the use of ad blocks has increased significantly globally. A recent report by analytics company PageFair showed that ad blocker usage surged 30 percent last year. There were 615 million devices blocking ads worldwide by the end of 2016, with the key reason for downloading software being security.

There is also a rising awareness from the consumer side on the abuse of personally identifiable information (PII). This is of great importance to consumers: Their data must be safe, so the onus is on organizations to do this going forward because, first and foremost, it's the right thing to do and the ethical way to do business -- no matter the headache it causes at the start.

2. GDPR rules aren't luxuries, they're solid best practices.

The GDPR is the biggest shake-up to data privacy in a generation, but organizations must remember the overriding principle of these new regulations: to unify data laws across the European continent in order to shift the burden of proof from individuals to organizations. That means that the new rules act as best-practices guidelines for companies to follow. In fact, companies should already have the majority of these in place and now is the best time to start.

A "wait and see" approach makes sense only if the potential risks are outweighed by the efforts required to prevent them. GDPR may require coordination and effort in the beginning, but in most cases, it's just enforcing best practices for data handling and management, so these are steps that companies should be taking as a matter of course.

3. GDPR will ultimately help you win more business in Europe

Where once citizens needed to show that they were the victims of data misuse or security breaches, organizations must now demonstrate they've taken the right pre-emptive actions to protect personal data appropriately. If your company takes the initiative from the start, this will boost your company's customer base across Europe. Ultimately, proper GDPR compliance will lead to more business wins in the continent.

Beyond the final implications of the GDPR, which are great, the impact on reputation and brand loyalty can lead to greater financial impact in the long run.

With a new piece of legislation, coverage of the first breaches and fines is likely to be major for the companies involved. I urge companies to spend the time now securing their customer data, and not to run the risk of a headline-grabbing fine and the damage to their brand's reputation by being a test case.

Related: Will Artificial Intelligence Be Illegal in Europe Next Year?

A good starting point is to work with partners that understand the complexities of the European market and regulations, who will help simplify the GDPR compliance process by enabling the security, portability and encryption efforts for your customer data.

Patrick Lastennet

Director, Marketing and Business Development, Financial Services Segment, Interxion.

Director of Marketing & Business Development, Financial Services Segment


Patrick Lastennet is director of marketing and business development, for the financial services segment at Interxion. He has extensive expertise gained from launching a multi-lateral trading facility (MTF), managing major product development projects and market data integrations, and possesses a deep understanding of the electronic trading business as well as large-scale IT transformation projects within Financial Services Industry.

Prior to joining Interxion, Lastennet spent years in a range of senior positions with NYSE Euronext. As head of technology sales and partnerships, he was responsible for the launch of the NYSE Arca Europe MTF. As director of technology and projects for the European Market Data Division of NYSE Euronext, he oversaw the delivery of all European market data services for Euronext and Liffe markets. He also headed the Group’s European MiFID IT work stream and the global delivery of new market data feed platforms across the group.


He started his career at Reu

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Related Topics

Business Ideas

55 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Thought Leaders

10 Simple, Productive Activities You Can Do When You Aren't Motivated to Work

Quick note: This article is birthed out of the urge to do something productive when I am not in a working mood. It can also inspire you on simple yet productive things to do when you're not motivated to work.

Making a Change

She Wrote An 'Escape Plan' to Quit Her Job and Move to an Island. Now She's There Generating Nearly $300,000 A Year

"My detailed, step-by-step plan on how I would quit my job and move to a Caribbean island."

Business News

Here Are 3 Strategies Startup Founders Can Use to Approach High-Impact Disputes

The $7 billion "buy now, pay later" startup Klarna recently faced a public board spat. Here are three strategies to approach conflict within a business.