It’s summer and it’s hot. Most of us would prefer not to worry about the European Union’s General Data Protection Regulation. But that would be a mistake. Stiff fines have now been issued. As technology leaders, we need to pay attention.
“GDPR, which took effect last May, requires companies to report data breaches to the appropriate European authorities within 72 hours of discovery and stipulates that local data protection agencies across the EU bloc can fine a company up to 4% of its total annual revenue if authorities determine it took insufficient measures to protect data,” writes Paul Sawers in VentureBeat.
For a while, it seemed as though the actual penalties would be relatively mild. Facebook dodged a major fine for its involvement with Cambridge Analytica, which happened before GDPR went into full effect.
“Then a few weeks ago British Airways (BA) was slapped with a provisional £183.39 million ($230 million) fine over a 2018 security lapse that compromised the personal data of around 500,000 customers, and a day later hotel giant Marriott was hit with a £99 million ($123 million) fine for similar breaches,” writes Sawers.
Meantime, some experts see evidence of GDPR having a generally negative impact on the European economy. “There is mounting evidence that the law has not produced its intended outcomes; moreover, the unintended consequences are severe and widespread. This article documents the challenges associated with the GDPR, including the various ways in which the law has impacted businesses, digital innovation, the labor market, and consumers,” write Eline Chivot and Daniel Castro of the Center for Data Innovation.
According to Chivot and Castro, the GDPR is harmful to Europe in 10 ways:
- Negatively affects the EU economy and businesses
- Drains company resources
- Hurts European tech startups
- Reduces competition in digital advertising
- Is too complicated for businesses to implement
- Fails to increase trust among users
- Negatively impacts users’ online access
- Is too complicated for consumers to understand
- Is not consistently implemented across member states
- Strains resources of regulators
It would be easy to relax and forget about what’s going on in Europe, but we simply cannot afford to ignore the broader economic consequences of GDPR.
I recommend reading an excellent blog post by William Vorhies in which he reminds us of the economic upside of using data for targeted marketing. Citing Mary Meeker’s research, he points out that data-driven ecommerce has saved consumers billions of dollars by driving down the costs of online goods.
As technology leaders, we will undoubtedly be asked to share our guidance and advice on the tradeoffs between privacy and ecommerce. Now is the time to begin preparing for those conversations.