How GDPR Is Making Waves on the Other Side of the Atlantic

Along with a string of stateside data scandals, the EU’s embrace of privacy by default is prompting firmer public resistance to America’s lax data protection regulations. With or without stricter regulations, data security is more important than ever to both companies and consumers.

Proposed in 2012, finalized in 2016, and implemented just this May, the General Data Protection Regulation (GDPR) has evolved from little-understood idea to rule of law at legislative lightspeed. And in light of both GDPR’s implementation and heightened privacy concerns stemming from widely reported data breaches, the call for more stringent legislation of consumer data use is getting louder here in the U.S.

As they’ve already been on the other side of the pond, the impacts of GDPR-like regulations in America could be both broad and deep. But whether or not such regulations put a damper on the prevailing business-friendly regulatory environment, the private sector has already taken proactive measures to keep up with the evolving debate on information privacy.

 

The Stateside Response

A recently published Janrain poll found that 69% of Americans “would like to see privacy laws like the European Union’s General Data Protection Regulation (GDPR) enacted in the US.” The number is eerily close to that of the EU Commission’s Eurobarometer poll, which last year found that 71% of Europeans “rejected the notion of companies sharing information about them without their permission.”

In some instances, Americans show greater concern for data privacy than Europeans: a 2017 Gigya study found 73% of Americans were concerned with IoT security, compared to 66% of UK respondents. And a 2015 TRUSTe/National Cyber Security Alliance report found that Americans were more worried about online privacy than their income.

If anything, the U.S. public’s concerns with data protection are greater today than they were in Europe when GDPR was first proposed. And as more and more troubling news stories reveal how American companies have misused consumer data, public opinion continues to move against the nation’s lax regulatory environment.

As GDPR showed, where public support is galvanized, legislation should be expected to follow — however slowly.

 

A Primer on GDPR

Having gone into effect on May 25, the GDPR imposes a series of regulations on companies related to the collection and processing of European user data.

The regulation’s impact on EU businesses has been massive, as it has already required a tremendous investment in resources dedicated to compliance. Moreover, companies that fail to comply face steep financial penalties, sanctions, additional regulatory restrictions, and perhaps most daunting of all, PR fallout.

Consumer engagement has gotten trickier under the GDPR, as organizations have less visibility into their customer base and fewer opportunities to communicate directly. And it comes as no surprise that the global market for buying, selling, and processing user data into business intelligence has taken a massive hit.

 

Preparing for an American GDPR

American companies are naturally monitoring their own regulatory situation closely. The friendly environment they currently enjoy allows for the collection, purchase, sale, and analysis of consumer data, as well as opportunities to monetize data through a vast and varied set of methods.

As a result of the lax regulatory environment, the potential impacts of data breaches — from ransomware hacks to public relations nightmares — are infinitely worse. Since American companies are allowed to collect more user data more freely and for longer periods of time, there’s simply more data that can be hacked. And since they can buy, sell, and distribute data more-or-less unencumbered, there are more opportunities for hackers to strike.

More stringent regulations on data collection do exist in healthcare (HIPAA) and financial services, but potent market forces, not government action, represent the biggest incentive for companies to invest in consumer data protection.

For example, facing dozens of lawsuits, a vibrant “Delete Facebook” movement, and flagging user numbers in the wake of the Cambridge Analytica scandal, Facebook has responded with a series of “we’re sorry” commercials, privacy policy changes, and a public apology tour from Founder Mark Zuckerberg. For any company, a serious data breach creates a mess of numerous, long-lasting repercussions that take years and millions of dollars to clean up.

All signs point to a future — if a distant one — in which GDPR migrates stateside. And given that Americans continue to lead the world in data production (U.S. consumers generate two to three times more Internet data per capita than Europeans), American companies have all the reasons in the world to invest in robust data protection and cyber security systems.

That’s why many enterprises partner with a cybersecurity expert like Turn-key Technologies. Whether you’re interested in a comprehensive network assessment or a managed IT services relationship that puts your cybersecurity in the capable hands of our experienced industry pros, we’ll work with you to develop a program that’s tailored precisely to your needs.

To reap the benefits of the current regulatory environment, American companies must first mitigate the outsize risk posed by data breaches. And when it comes to data security, prevention is always better than cure.

By Tony Ridzyowski

07.10.2018
