Blog

Top three reasons why a ‘wait and see’ approach for GDPR will not work

Any businesses in the US with customers in Europe or plans to expand into EU countries should have already started preparations for the General Data Protection Regulations (GDPR), which come into effect in May next year. But research by analyst firm Gartner shows that over 50% of companies affected by the GDPR will not be in full compliance with its requirements by the end of the looming deadline. The media has written extensively about the exorbitant fines companies might face if they are found to be non-compliant (as large as €20 million or 4% of global annual turnover - whichever is greater), and the ICO recently came out with this article in response, calling to reduce scaremongering around the issue.

Despite this, my advice to companies is not to take a “wait and see” approach when it comes to the GDPR. In light of the Information Commissioner’s comments, organisations might be tempted to study how rules are enforced before making critical decisions about their strategy. But with the unifying data law just around the corner, a passive approach is definitely a poor plan of attack. Here are three key reasons why.

1. Customer data must be safeguarded.

A recent report by analytics company PageFair showed that ad blocker usage surged 30% last year. Consumers are increasingly more aware of the abuse of their Personally Identifiable Information (PII). It’s important to them that their data is safe, and it’s up to organisations to make sure that they acknowledge this going forward. No matter the headache it may cause at the start, it’s the most ethical way to do business.

2. GDPR rules aren’t luxuries, they’re solid best practices that every company should be following.

The GDPR is the biggest shake-up to data privacy in a generation, but what it comes down to is best practice guidelines for companies to follow - in fact, companies should already have the majority of these in place. Complying with the GDPR is not only ethical, it’s also the best way to ensure your customers feel comfortable doing business with you.

Which brings us to...

3. GDPR will ultimately help you win more business in Europe

Customers used to need to prove that they were victims of data misuse, but organisations will now have to show that they’ve taken pre-emptive actions to protect personal data appropriately. If your company takes initiative from the start, this will boost your customer base across Europe. Ultimately, proper GDPR compliance will be good for your bottom line.

In addition to all this, and as the ICO themselves write - fines are not the only reason to ensure you’re GDPR-compliant come May 25th. I urge companies to spend the time now securing their customer data, and not risk the damage being held up as a bad example could do to your brand’s reputation.

A good starting point is to work with partners that understand the European market and its regulations. Businesses need partners to facilitate GDPR compliance and Privacy by Design – starting with the infrastructure and connectivity layers. Interxion’s network of European data centres makes GDPR compliance easy by enabling the security, allowing portability and simplifying encryption efforts for your customer data. Whether an organisation is deep in GDPR planning or in the early stages, Interxion can help you avoid becoming a headline-grabbing test case when the laws come into effect.

US companies launching into Europe from 2017 are in the position to approach their infrastructure plans with a “clean sheet”, but they need the right information, support and tools to reach compliance in this sophisticated market. With our ISO certified data centres, a pan-European presence, and a network of providers with a European focus, we make the perfect partner.