Is GDPR a 'Spark for New Business Models?' Some Companies Say 'Yes'
A new survey indicates that, believe it or not, GDPR spells opportunity for some companies.
May 16, 2018 at 05:36 PM
3 minute read
Shutterstock.
A majority of companies view the General Data Protection Regulation in the European Union as a source of opportunity that can help them improve privacy and data security, according to the results of a survey released Wednesday from IBM's Institute for Business Value.
Fifty-nine percent of respondents to the survey agreed that the GDPR is a chance “for transformation or a spark for new data-led business models.” The remaining 41 percent of respondents viewed the GDPR as just another set of regulations requiring compliance.
The survey was conducted between February and April of 2018 and drew feedback from 1,500 executives, including chief privacy officers and GCs, in 34 countries and across 15 industries.
The expansive GDPR will go into effect May 25—it will set up new privacy and security requirements for companies processing data belonging to EU citizens. Noncompliant companies face fines of up to 20 million euros or 4 percent of the company's worldwide revenue from the prior year, whichever is higher.
Cindy Compert, CTO, data security and privacy, IBM Security, pointed out in an email that the GDPR is coming into effect during a time where consumers have shown distrust in the handling of their data.
“The results show that companies are connecting the dots between consumer sentiment around data privacy and GDPR, with the vast majority (84 percent) acknowledging that GDPR compliance can be viewed as a positive differentiator to the public,” Compert said in the email.
Compert said that the other companies are looking for a simple checklist, but GDPR is “more directional” and that it may be viewed as burdensome.
“Many of the requirements of GDPR are open to interpretation rather than prescriptive—for instance, implementing an 'appropriate level of security.' Additionally, we often see that those responsible for GDPR have been directed to 'go implement GDPR' without direction or executive oversight, or if the organization is not collaborating well, they may not be informed on what other parts of the organization are doing,” Compert said.
Despite the majority of respondents showing enthusiasm for the GDPR, only 36 percent said they will be fully compliant with the GDPR in time for the deadline later this month. Forty-seven percent said they have begun efforts to comply with the GDPR and 18 percent of respondents said they had not begun compliance efforts, but planned on doing so before May of this year.
Compert described coming into compliance with the GDPR as a huge undertaking and one that takes time.
“Procrastination is part of human nature, and given the complex nature of GDPR, this isn't something that can be undertaken in a matter of weeks or months for companies that have delayed until the last minute,” Compert said.
The results of the survey indicate that companies are largely struggling with certain areas of compliance. These include performing data discovery and ensuring data accuracy, complying with data processing principles, developing and updating privacy policies, getting consent from data subjects and establishing a data protection officer.
“Responding to GDPR requires involvement from all parts of the business, as well as executive level support,” Compert said.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View All
AI Disclosures Under the Spotlight: SEC Expectations for Year-End Filings
5 minute read
A Blueprint for Targeted Enhancements to Corporate Compliance Programs
7 minute read
Three Legal Technology Trends That Can Maximize Legal Team Efficiency and Productivity
Trending Stories
- 1How ‘Bilateral Tapping’ Can Help with Stress and Anxiety
- 2How Law Firms Can Make Business Services a Performance Champion
- 3'Digital Mindset': Hogan Lovells' New Global Managing Partner for Digitalization
- 4Silk Road Founder Ross Ulbricht Has New York Sentence Pardoned by Trump
- 5Settlement Allows Spouses of U.S. Citizens to Reopen Removal Proceedings
Who Got The Work
J. Brugh Lower of Gibbons has entered an appearance for industrial equipment supplier Devco Corporation in a pending trademark infringement lawsuit. The suit, accusing the defendant of selling knock-off Graco products, was filed Dec. 18 in New Jersey District Court by Rivkin Radler on behalf of Graco Inc. and Graco Minnesota. The case, assigned to U.S. District Judge Zahid N. Quraishi, is 3:24-cv-11294, Graco Inc. et al v. Devco Corporation.
Who Got The Work
Rebecca Maller-Stein and Kent A. Yalowitz of Arnold & Porter Kaye Scholer have entered their appearances for Hanaco Venture Capital and its executives, Lior Prosor and David Frankel, in a pending securities lawsuit. The action, filed on Dec. 24 in New York Southern District Court by Zell, Aron & Co. on behalf of Goldeneye Advisors, accuses the defendants of negligently and fraudulently managing the plaintiff's $1 million investment. The case, assigned to U.S. District Judge Vernon S. Broderick, is 1:24-cv-09918, Goldeneye Advisors, LLC v. Hanaco Venture Capital, Ltd. et al.
Who Got The Work
Attorneys from A&O Shearman has stepped in as defense counsel for Toronto-Dominion Bank and other defendants in a pending securities class action. The suit, filed Dec. 11 in New York Southern District Court by Bleichmar Fonti & Auld, accuses the defendants of concealing the bank's 'pervasive' deficiencies in regards to its compliance with the Bank Secrecy Act and the quality of its anti-money laundering controls. The case, assigned to U.S. District Judge Arun Subramanian, is 1:24-cv-09445, Gonzalez v. The Toronto-Dominion Bank et al.
Who Got The Work
Crown Castle International, a Pennsylvania company providing shared communications infrastructure, has turned to Luke D. Wolf of Gordon Rees Scully Mansukhani to fend off a pending breach-of-contract lawsuit. The court action, filed Nov. 25 in Michigan Eastern District Court by Hooper Hathaway PC on behalf of The Town Residences LLC, accuses Crown Castle of failing to transfer approximately $30,000 in utility payments from T-Mobile in breach of a roof-top lease and assignment agreement. The case, assigned to U.S. District Judge Susan K. Declercq, is 2:24-cv-13131, The Town Residences LLC v. T-Mobile US, Inc. et al.
Who Got The Work
Wilfred P. Coronato and Daniel M. Schwartz of McCarter & English have stepped in as defense counsel to Electrolux Home Products Inc. in a pending product liability lawsuit. The court action, filed Nov. 26 in New York Eastern District Court by Poulos Lopiccolo PC and Nagel Rice LLP on behalf of David Stern, alleges that the defendant's refrigerators’ drawers and shelving repeatedly break and fall apart within months after purchase. The case, assigned to U.S. District Judge Joan M. Azrack, is 2:24-cv-08204, Stern v. Electrolux Home Products, Inc.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250
