Closing Shop or Closing Off: Companies Respond to GDPR
The enforcement of the European Union’s General Data Protection Regulation (GDPR) came with a surge of updated privacy terms and user consent forms. This is the tip of the iceberg for many organizations, as compliance to the GDPR meant two years heavily invested in developing data processes, policies, and cybersecurity strategies. However, amid news and advice on GDPR compliance, an alternative view on the entire issue emerged. Some organizations outside of the EU are steering clear of the GDPR entirely — by blocking or denying access or service to the very citizens the regulation seeks to empower and protect.
Blocking out Europe
Weeks before May 25, the GDPR implementation day, news of companies closing EU operations started streaming in. The GDPR was a contributing factor for certain companies to close down their offices in EU member states and the U.K., opting instead to transfer headquarters or focus on business in other regions. Obtaining consent for the collection and use of user data for targeted advertising would have been one of the bigger GDPR challenges for such companies to face.
Some online companies have taken a simpler approach: blocking access to their sites for traffic or users coming from the EU. These sites ranged from online games to email cleanup services, and the block is either temporary or permanent. Even U.S. news sites have been temporarily inaccessible in the EU as they continue devising technical solutions in compliance with the GDPR. Nearing the GDPR implementation, this method of avoiding the GDPR had become so popular that certain companies took the opportunity to offer blocking services for organizations that did not have the expertise to do so themselves.
The most extreme measure along these lines is totally closing down, naming the GDPR as a major reason. Online gaming seems to be one of the greatly hit industries, with several online games and a gaming software provider completely shutting down.
For these companies, the decision to avoid or to delay the implications of the GDPR was made by weighting the cost of compliance and the gains of maintaining the EU leg of their businesses. Evidently, compliance meant more time, money, and expertise that could not be outweighed by the potential profit from the EU market.
Some of the smaller organizations have simply stated that after much evaluation, they did not have enough resources for compliance. Shutting down now that the GDPR was implemented was a matter of course. The rest have yet to complete their compliance preparations and have opted instead to temporarily halt operations in the EU. In addition, the GDPR also means facing the risk of being fined as high as 20 million euros or 4 percent of the annual global turnover in case of non-compliance.
Not an option for all
Whether blocking out EU users works to prevent being under the GDPR’s scope remains to be seen. The GDPR affects organizations that handle the personal data of EU citizens, including third-party groups that process the personal data of EU citizens. This covers a very significant portion of users, customers, and partner businesses. For many other companies, avoiding the GDPR or letting go of their EU market just isn’t an option.
So far, organizations have had two years to align their GDPR compliance efforts with their own business goals. However, compliance is an ongoing journey. The GDPR acknowledges the importance of up-to-date data protection methods and technologies, as embodied in its “state-of-the-art” security and “privacy by design and default” facets. Although it may seem like a challenging road ahead, GDPR compliance does signify that a company has control over and protection of its customers’ personal data. This means fewer data processing disruptions and better overall security — factors that contribute to stronger customer confidence and brand trust.
Now that the GDPR is in full effect, implementation day seems less like a cutoff period and more like a starting point for constant improvement in organizations’ data processing, policies, and protection. Compliance is something to be mindfully maintained especially at a time when data has become one of the most valuable assets for many industries.
Visit our resource page to review GDPR terminologies, tips, articles, and other materials we’ve released since the GDPR was first announced, as well as to keep abreast of relevant news and practices.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: TargetCompany
- Email Threat Landscape Report: Cybercriminal Tactics, Techniques That Organizations Need to Know
- Preventing an Imminent Ransomware Attack With Early Detection and Investigation
- Inside the Halls of a Cybercrime Business
- Securing Cloud-Native Environments with Zero Trust: Real-World Attack Cases