The Very Strong Business Case for Complying With the World's Toughest Data Protection Regulation

The EU's General Data Protection Rule is likely to become the gold standard consumers watch for when deciding whom to trust with their data.

hazecats | Getty Images

Opinions expressed by Entrepreneur contributors are their own.

For the past year, a global network of Chicken Littles has warned that the sky will fall on May 25, 2018, when the EU's General Data Protection Regulation (GDPR) takes effect.

We think they need to look at the big picture. The sky isn't falling. Far from it, in fact. May 25 presents a new day and a new era for U.S. business. Instead of worrying about whether you have to comply, focus instead on the many benefits of complying with gusto.

Because even if this new regulation doesn't force you to change the way you treat personal data, consumers and strategically minded competitors will. Once they have the ability to choose between a company that's committed to protecting their data and one that's doing as little as possible to squeak by, the businesses that treat GDPR compliance as a competitive advantage will come out on top.

Here are a few of the GDPR benefits organizations can look forward to:


Consumers aren't as naive as those of us in technology and digital governance sometimes think. They know data security is a concern, and they have little patience for companies that mishandle data, as one report made clear:

  • 75 percent of respondents said they would stop doing business with a company that suffered a breach because the board hadn't made data security a priority.
  • 76 percent said they would stop doing business with a company that was negligent in handling data.
  • 59 percent said they would take legal action if their stolen data was used for criminal purposes.

If you need more evidence of how passionate consumers are about data privacy, look at what happened to Facebook's stock after the Cambridge Analytica scandal. That also sparked the #DeleteFacebook movement, a rallying cry for Facebook users to delete their accounts. It's had an impact: Facebook pages for Tesla and SpaceX have been deleted, while Mozilla and some other companies pulled advertising.

The pushback won't stop with Facebook. Awareness is increasing every day, as consumers' inboxes fill up with notifications from companies updating their privacy policies.

Related: A 'Wait and See' Approach for GDPR Is Going to Be Pricey for U.S. Organizations Doing Business With the E.U.

Better data management

The GDPR gives consumers the right to review their data, correct any mistakes, restrict processing of their data and even have their data deleted. According to one survey, 82 percent of EU citizens plan to exercise those rights.

That sounds like a lot of work, so why is it a good thing?

  • Giving customers the right to correct information means your data will be more accurate -- so your forecasting, marketing and other related activities will be more accurate, too. You may have less data, but it will have a higher ROI.
  • Collecting data on an opt-in model means that your marketing messages will be going only to customers who really want to hear from you, reducing your costs for services that charge by the user.
  • The need to meet GDPR requirements can justify making room in the budget for technology upgrades.

Giving consumers the opportunity to correct their data is also another way to inspire trust. If they believe you care about the accuracy of your data, they'll be more likely to trust you with it.

Related: Facebook's Data Scandal and Europe's New Data Privacy Rule Have Massive Implications for U.S. Entrepreneurs

Strategic alignment

Because today's business models so easily criss-cross national boundaries, even U.S. organizations will need to review their data collection and management practices and provide a justifiable reason for needing each piece of data. That's a great opportunity to engage in some important conversations about how well your digital practices align with your organizational strategy. In particular, it's an opportunity to ferret out practices that are no longer relevant -- you just do them out of habit:

  • More data means more risk. Every piece of data you collect, store or process becomes a liability if you suffer a breach. Why take the risk for data you don't need?
  • For many businesses, customer data is stored not only in databases, but in spreadsheets, emails, etc. -- and, often, in multiple copies of each. Collecting and storing less data makes it easier to meet GDPR requirements for being able to tell customers what data you have, where it's located, who has access to it and how it's used. But it also streamlines your processes, eliminating rework and making data easier to find and work with.

While some organizations may choose to pull out of European markets hoping that they can avoid the costs of compliance, we think that approach is short-sighted. We hope that the conversations businesses will necessarily have around GDPR compliance -- on both sides of the pond -- will lead them to embrace the concept of data privacy as part of their corporate identity. We urge organizations not to see it as a matter of compliance alone, but as an opportunity to transform their approach to customer data for all the right reasons.

Related: Making Your Data Unreadable to Whoever Steals It Might Be the Only Way to Keep It Safe

GDPR compliance is a competitive advantage

Few consumers need a law to tell them that having more control over their data is a good thing. But awareness of the GDPR will increase as businesses send out updated privacy notifications and news feeds fill up with apocalyptic headlines like "GDPR Doomsday!"

And that means that consumer expectations will change, too. If they know there are things you can do to protect their data and to give them more control over it, and you choose not to, that's going to hurt you. Here are a couple of ways the GDPR will change consumer expectations:

Consumers will understand the true value of their data. The pearl of wisdom that says "There's no such thing as a free lunch" has been updated for the 21st century: "If you're not paying for the product, you are the product."

Today, though, many consumers don't think about that. They know Facebook and Gmail are free to use, but they often don't stop to think about where the money to run the company comes from. The GDPR (and the media hoopla surrounding it) is going to be a wake-up call to the fact that the bulk of Facebook's revenue comes from ads. And that the reason people buy Facebook's ads is because all of the data Facebook has on its users -- information gleaned from posts, likes, shares, friends lists, etc. -- allows buyers to target their ads with extreme precision.

You can also expect consumers to wake up to the fact that even services they pay for -- from their ISP providers to their favorite retailers -- fully understand the value of the data they've been collecting. Some use it to market their services; others sell it. EIther way, consumers will soon realize that businesses see their data as a capital asset. And they'll be able to make informed decisions as to what they're willing to trade in exchange.

Related: Facebook to End Targeted Ads Built with 3rd-Party Data Mining

Having more choices. Today, customers often have to make a "take it or leave it" choice when it comes to handing over their data for the privilege of using a website or app. After the GDPR, businesses that want to be competitive will have to give consumers more options, possibly with varying combinations of pricing and data sharing. The winners will be the ones that give consumers the most value from the exchange.

Moreover, the GDPR mandates that your data be portable. That knocks down "exit barriers." If a consumer wants to switch service providers, all they have to do is ask you for a copy of their data in a portable format, which they can then pass on to their new provider.

If the sky falls thanks to the GDPR, it won't happen on May 25. It will happen months or weeks later, when consumers realize that they have a choice between businesses that think they're entitled to do as they wish with customer data and those that see data privacy as both a human right and a competitive advantage. Which one do you want to be?

Ashwin Krishnan and Kristina Podnar

CEO (Ashwin Krishnan); Digital Governance Consultant(Kristina Podnar)

Ashwin Krishnan is an ex-high tech executive with security and cloud expertise, now focused on educating business executives on the impact of regulations, AI and IoT. Kristina Podnar is a digital governance consultant with nearly 20 years of management consulting experience with global clients.

Related Topics

Editor's Pick

This 61-Year-Old Grandma Who Made $35,000 in the Medical Field Now Earns 7 Figures in Retirement
A 'Quiet Promotion' Will Cost You a Lot — Use This Expert's 4-Step Strategy to Avoid It
3 Red Flags on Your LinkedIn Profile That Scare Clients Away
'Everyone Is Freaking Out.' What's Going On With Silicon Valley Bank? Federal Government Takes Control.

How to Detect a Liar in Seconds Using Nonverbal Communication

There are many ways to understand if someone is not honest with you. The following signs do not even require words and are all nonverbal queues.

Celebrity Entrepreneurs

'I Dreaded Falling in Love.' Rupert Murdoch Is Getting Hitched for the Fifth Time.

The 92-year-old media tycoon announces he will wed former San Francisco police chaplain Ann Lesley Smith.


How Great Entrepreneurs Find Ways to Win During Economic Downturns

Recessions are an opportunity to recalibrate and make great strides in your business while others are unprepared to brave the challenges. Here's how great entrepreneurs can set themselves up for success despite economic uncertainty.

Business Ideas

55 Small Business Ideas To Start Right Now

To start one of these home-based businesses, you don't need a lot of funding -- just energy, passion and the drive to succeed.

Starting a Business

Selling Your Business? Do These 6 Things Right Now.

If you want the maximum price you need to make these moves before you do anything else.

Business News

New Mexico Is Hiring Professional Bear Huggers -- Here's How to Land the Dream Job

The American Black Bear was selected as the state's official animal on February 8, 1963, by the New Mexico Legislature.