Is GDPR’s enforcement a permanent slowdown for non-compliant companies?

Author: Christine Ferrusi

Several companies have recently decided to stop serving European customers in wake of the recent GDPR enforcement on May 25. They’ve posted notes and prohibited European IP addresses from accessing their websites. Why would they do this?

The most logical answer is that they’re not capable of complying with the new regulation and feel it’s less risky/costly to stop serving European customers than it is to risk being non-compliant. And in many cases this is true (although critics point out that these companies had two years’ notice about the regulatory changes.)

Others have pointed out that GDPR likely pushed some “fence sitters,” who already had weak or unstable European operations to begin with, to use GDPR as the catalyst to tip the scales in favor of shutting down rather than continuing to try to strengthen those operations.

Does this mean that non-compliance with GDPR is a permanent slow-down to the economy and businesses? Not necessarily. While it’s certainly possible that some firms will stay out of Europe, that seems an unlikely long-term decision. And this probably depends on each company’s strategy and size. The smaller firms that were already facing weak European revenues probably don’t feel a strong pull to re-enter the space. But larger firms that need global customers to sustain their business plans, will make sure they’re compliant and serve European customers again.

In addition to gaining consent (the easiest part of GDPR,) companies that want to ensure they’re compliant with GDPR and do business in Europe need to factor in the personal data stores, the processing and storage questions, and usage of third parties when processing, among the key factors.

Most of these issues require new thinking around identity and identity data. To be successful, companies should reconsider their entire approaches to identity validation and protection. By focusing on the larger identity issue, companies can comply with GDPR while also ensuring better customer satisfaction.

If you’re interested, here are some links to relevant articles about companies that have stopped serving European clients post-GDPR:

https://digiday.com/media/ad-tech-firms-quitting-europe-blaming-gdpr-often-scapegoat/

https://www.theguardian.com/technology/2018/may/24/sites-block-eu-users-before-gdpr-takes-effect