GDPR and its post-implementation impact

Huge amounts of keyboard effort have gone into describing the requirements of the General Data Protection Regulation (GDPR), the sorts of technologies that will be needed to ensure compliance, the scale of the likely fines (punitive) and even predictions as to how many consumers will opt out (as much as 50%). What I haven’t seen is any discussion of how companies will leverage GDPR once they have complied with it.

What I expect to happen is that some companies will start to make a virtue out of necessity. They will market the fact that they protect your data, that they make it easy for you to check the accuracy of your data and, if you really want to, they make it simple for you to opt out. In other words, they will use GDPR compliance as a sales tool.

Now consider the position of companies that operate both inside and outside Europe. Those companies will be complying with GDPR with respect to EU citizens. Won’t their non-EU citizens want the same level of protection? And won’t those companies that have recognised that compliance is a useful sales tool start to offer comparable capabilities to non-EU citizens? I think they’ll start to use compliance as a competitive differentiator. But some of their competitors may not be active in the EU at all and would not be subject to GDPR. That won’t make any difference: if the protection of your private data becomes a sales benefit then even companies that are not subject to GDPR are going to have to provide comparable capabilities, otherwise they won’t be able to compete.

GDPR looks set to be the revenge of the consumer. It will dramatically alter the relationship between the consumer and provider. Smart companies will take advantage of this and that will drive compliance even where that is not mandated. GDPR may be limited to EU citizens but its impact will be much wider than that.