Is GDPR a 'Spark for New Business Models?' Some Companies Say 'Yes'
A new survey indicates that, believe it or not, GDPR spells opportunity for some companies.
May 16, 2018 at 05:36 PM
3 minute read
A majority of companies view the General Data Protection Regulation in the European Union as a source of opportunity that can help them improve privacy and data security, according to the results of a survey released Wednesday from IBM's Institute for Business Value.
Fifty-nine percent of respondents to the survey agreed that the GDPR is a chance “for transformation or a spark for new data-led business models.” The remaining 41 percent of respondents viewed the GDPR as just another set of regulations requiring compliance.
The survey was conducted between February and April of 2018 and drew feedback from 1,500 executives, including chief privacy officers and GCs, in 34 countries and across 15 industries.
The expansive GDPR will go into effect May 25—it will set up new privacy and security requirements for companies processing data belonging to EU citizens. Noncompliant companies face fines of up to 20 million euros or 4 percent of the company's worldwide revenue from the prior year, whichever is higher.
Cindy Compert, CTO, data security and privacy, IBM Security, pointed out in an email that the GDPR is coming into effect during a time where consumers have shown distrust in the handling of their data.
“The results show that companies are connecting the dots between consumer sentiment around data privacy and GDPR, with the vast majority (84 percent) acknowledging that GDPR compliance can be viewed as a positive differentiator to the public,” Compert said in the email.
Compert said that the other companies are looking for a simple checklist, but GDPR is “more directional” and that it may be viewed as burdensome.
“Many of the requirements of GDPR are open to interpretation rather than prescriptive—for instance, implementing an 'appropriate level of security.' Additionally, we often see that those responsible for GDPR have been directed to 'go implement GDPR' without direction or executive oversight, or if the organization is not collaborating well, they may not be informed on what other parts of the organization are doing,” Compert said.
Despite the majority of respondents showing enthusiasm for the GDPR, only 36 percent said they will be fully compliant with the GDPR in time for the deadline later this month. Forty-seven percent said they have begun efforts to comply with the GDPR and 18 percent of respondents said they had not begun compliance efforts, but planned on doing so before May of this year.
Compert described coming into compliance with the GDPR as a huge undertaking and one that takes time.
“Procrastination is part of human nature, and given the complex nature of GDPR, this isn't something that can be undertaken in a matter of weeks or months for companies that have delayed until the last minute,” Compert said.
The results of the survey indicate that companies are largely struggling with certain areas of compliance. These include performing data discovery and ensuring data accuracy, complying with data processing principles, developing and updating privacy policies, getting consent from data subjects and establishing a data protection officer.
“Responding to GDPR requires involvement from all parts of the business, as well as executive level support,” Compert said.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllA Blueprint for Targeted Enhancements to Corporate Compliance Programs
7 minute readThree Legal Technology Trends That Can Maximize Legal Team Efficiency and Productivity
Corporate Confidentiality Unlocked: Leveraging Common Interest Privilege for Effective Collaboration
11 minute readTrending Stories
- 1Call for Nominations: Elite Trial Lawyers 2025
- 2Senate Judiciary Dems Release Report on Supreme Court Ethics
- 3Senate Confirms Last 2 of Biden's California Judicial Nominees
- 4Morrison & Foerster Doles Out Year-End and Special Bonuses, Raises Base Compensation for Associates
- 5Tom Girardi to Surrender to Federal Authorities on Jan. 7
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250