It has been over a year since the General Data Protection Regulation (GDPR) went into effect in May of 2018. Leading up to the passage of the law, there were a lot of contradictory opinions about how GDPR would affect businesses and citizens. Now that some time has passed, we can take a look back at which theories proved true, how GDPR has impacted innovation and what we can expect in the future as more countries move to strengthen privacy laws.
How GDPR Has Affected Large Companies
Early opponents of GDPR claimed that it would negatively impact small and medium-sized businesses by burdening them with challenging and costly security standards. However, it appears that smaller businesses have been able to remain agile and adjust to new standards while large companies that have traditionally been viewed as innovators, have been struggling to adapt.
In fact, on the first day GDPR went into effect, Facebook and Google were both hit with billion dollar lawsuits for failing to comply. Just a few months later, it became public that Facebook had suffered one of the biggest data breaches in history when hackers scraped the data of over 29 million users. These events made it clear that larger companies, with access to the most user data, were the ones who were failing to take steps to tighten security.
Many see these events as good news for consumers and claim that GDPR has exposed a lackadaisical approach to security from companies who have the means, resources and responsibility to protect user data and be transparent about how that data is used and shared. In some ways, the introduction of GDPR is forcing large companies to innovate in ways that simply weren’t a priority before.
The Perfect Opportunity to Innovate
Meanwhile, some companies view GDPR as an opportunity and use the law as motivation to innovate. They see the writing on the wall and are heeding the warning to start working on security sooner rather than later. This can mean building better in-house security and compliance teams, although many companies are turning to external vendors to help them meet new regulatory standards.
BigID is one example of a startup that was specifically created to help businesses focus on improving cybersecurity and protecting personal data in response to GDPR. They are now partnering with major names, like AWS, IBM Security, Microsoft and Salesforce to help companies meet EU standards and prepare for a future when these regulations could become even more widespread.
How GDPR is Affecting the US
In the immediate wake of GDPR, similar bills have been introduced in the US Congress and there is an increasing call for finding a better balance between creating stronger protections for consumers and allowing companies to prosper through the use of big data.
Apple CEO, Tim Cook is one notable figure who is advocating for changes in the US. He claims that “We will never achieve technology’s full potential without the full faith and confidence of people who use it.” Many tech leaders and politicians agree with Cook and want to take steps to protect consumer data, but there is a lot of disagreement when it comes to the details of how this should be achieved.
Regulations Spark Innovation
At the one year anniversary of GDPR, we see that fears that regulations would put negative restraints on companies have proven unfounded for many. Instead, these new regulations have fostered meaningful innovations that put the consumer’s privacy first. Companies who may have become complacent when it came to security were put on notice and those who were quick to respond and adapt are thriving. US companies should use this lesson to jumpstart their own security and innovation efforts in order to be prepared for the future.
Of course, we must add…if your company is evaluating external technologies to support your GDPR effort, it behooves you to identify and evaluate competing solutions using the prooV proof-of-concept platform. Our platform can ensure that your data is never compromised while evaluating and even deploying third party technologies.