Now That GDPR Has Arrived, Here Are Five Ways Your Company Can Catch Up Fast

Everywhere you turn, companies are talking about the General Data Protection Regulation and what it means for the future of advertising. How will the EU enforce it? Who will be the first company fined for non-compliance? Will enforcement be strict?

Despite all the questions, one thing is certain: GDPR is the beginning of a larger trend in consumer rights and privacy. More frequent data breaches mean more pressure from consumers for stricter protection. Corporations and governments feel the heat, and new regulations won’t be far behind.

Until more countries enact GDPR-like laws, the burden of security remains with corporations. The companies that provide customers with more access to and control of their personal data will force others to follow suit. This global competition is already underway, but if companies don’t achieve the desired impact quickly, new laws will spur them forward.

Only time will tell whether GDPR protects customers, but its impact on industry behavior is already palpable. In the future, we might look back and see GDPR as the beginning of a trend or as the final step in shifting market norms depending on how the world responds now.

Businesses Most Affected by GDPR

Some sectors are more likely to be affected than others, including hospitality, travel, software, and e-commerce.

The global reach of the hospitality and travel industries will demand close observance of GDPR rules, especially if companies market directly to EU citizens. Businesses in these industries also regularly gather personally identifiable information and engage with consumers using that data, making them prime targets for early GDPR impact.

In tech, software and e-commerce companies face the largest hurdles. Depending on the platforms used, some companies face steep uphill climbs to improve their data management strategies and capabilities in time.

Most large and public corporations have already taken the steps necessary to comply with GDPR. Small businesses, however, still have a lot of work to do. According to a recent survey, nearly two-thirds of American companies doing business in Europe were unaware of the potential penalties of non-compliance as recently as this year.

Companies will likely enjoy a period of leniency to adapt their data collection and business practices, but that grace period won’t last forever. Businesses will find newer, cleverer ways to entice users to provide information, and other companies will copy those innovations. Users might relinquish their right to removal in favor of the superior experience companies with data can provide.

5 Ways to Prepare Your Company

Companies in the path of GDPR should be transparent with customers and focus on their value propositions to avoid the brunt of the blow. If businesses get that right, it puts the choice in the hands of customers and builds trust. As a result, customers are more likely to   exchange their information for superior, personalized experiences. If you aren’t ready for GDPR, follow these tips to prepare:

1. Get solid legal advice. Talk to lawyers to see whether your business needs to comply with GDPR. The initial investment might be steep, but the advice and action plan to save you from GDPR fines will be well worth the cost.

2. Evaluate your timeline. Determine how quickly your business must comply. If you need to address the issue immediately, break up the work into blocks, and then attack in descending order of priority. If Europe is a key future market, put compliance ahead of opportunity to avoid fees.

3. Standardize communications. Update your terms of service and privacy policy to reflect your data collection and use policies. Even if you don’t comply yet, clear communications and demonstrated progress could lighten the blow from regulators and establish trust with your customers.

4. Enhance profile management capabilities. Even if you only enable the option, open the door for users to request removals. Begin the process with requests, and then solve the issue of complete removal during your future compliance adjustments.

5. Apply for certifications. Self-certify for the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield. Go a little further and get your ISO 27001 (information security management) and 27018 (cloud data protection) certifications, as well as your SOC 2 and SOC 3 certificates.

The full impact of GDPR will take years to understand, but in the meantime, don’t be caught off guard. Companies that focus on compliance early will be the ones who gain an edge over their competitors.