GDPR, One Year Later, ‘Not the Boogeyman’
…way down the ladder to small-to-medium sized businesses,” says Greene.
Activity in the name of GDPR compliance is thus expected to increase rather than decrease in the second year.
“With recent fines and penalties in 2019 and people reading more about it in the press, there’ll be more activity happening, both on the prosecution side and the response side from companies that are affected by GDPR,” said Michael Mittel, founder and CEO of RapidFire Tools, a Kaseya company.
“We saw that happen with HIPAA in the United States. The final regulation was written into law in 2013 and it took a while for folks to realize the impact and importance. When they did, it snowballed. The same thing will happen here with GDPR,” Mittel added.
Penalties are also expected to rise under new privacy regulations spawned by GDPR.
“The fines for non-compliance of the CCPA, which could be up to $7,500 per violation, may prove to be even more devastating [than GDPR] for companies doing business with California consumers,” warns Fredrik Forslund, vice president of enterprise and cloud erasure solutions at Blancco.
Mixed consumer and business reactions
Consumers and some businesses welcome the increased focus on privacy.
“For now, it’s unlikely the GDPR will change how U.S. customers interact with U.S. businesses — perhaps more rights and protections will be afforded to Americans where a company does not want to manage varying levels of privacy protection, so all are granted GDPR-level rights. Rising privacy-protection tides raise all ships,” says Greene.
“Instead, early indicators are U.S. citizens and businesses will be more directly impacted by states, such as California, that enact GDPR-like legislation in the near future,” Greene added.
Other businesses are worried about its impact on the value of their data and on their current business models.
“GDPR, if anything, has shown Americans companies what they do not want as it hinders their marketing and sales efforts as well as overall their business. American business is used to owning whatever data it collects — and they spend billions of dollars each year collecting that,” says Houpt.
“U.S. businesses know that they have to agree to something, but a 180-degree turn where each individual owns their own data means that persons will start charging companies for the storage and use of their personal data. If U.S. privacy laws turn the tables on the ownership of data, for example data on a person’s purchasing habits, you will see a huge shift in how U.S. businesses conduct marketing and sales efforts,” Houpt added.
Balance is key to protecting individuals and stabilizing businesses dependent on their data.
“There is a careful balance to be struct between protecting the privacy of individuals and making it impossible to…