Last May, GDPR officially went into effect. Under GDPR, users are given more privacy rights and firms have to adhere to stricter privacy regulations than ever unless they want to be subject to hefty fines. Under GDPR, fines can go up to 20 million euros or 4% of a firm’s global revenue. In the case of companies such as Google or Facebook, which earns to the tune of billions of dollars in annual revenue, the fines could be significant.
I have been in favor of GDPR. Even though it’s not perfect as in the case of any laws enacted for the first time, I believe that with GDPR, we are going in the right direction. Below are a few examples:
According to Cisco 2019 Data Privacy Benchmark Study:
GDPR-ready companies are benefitting from their privacy investments beyond compliance in a number of tangible ways. They had shorter sales delays due to customer’s privacy concerns (3.4 weeks vs. 5.4 weeks). They were less likely to have experienced a breach in the last year (74% vs. 89%), and when a breach occurred, fewer data records were impacted (79k vs. 212k records) and system downtime was shorter (6.4 hours vs. 9.4 hours). As a result, the overall costs associated with these breaches were lower; only 37% of GDPR-ready companies had a loss of over $500,000 last year vs. 64% of the least GDPR ready
Ads trackers were reduced, leading to faster loading pages and more pleasant user experience. Big firms are held more accountable. Google was fined $57 million for its GDPR violations. Without the new regulation, I believe that the amount would have been much less. California passed their toughest privacy laws after being inspired by GDPR.
There is an argument that GDPR might lead to less competition in the advertising fields as only the likes of Google and Facebook have the resources to meet the requirements. An initial study seemed to support that.
Nonetheless, I think that even without GDPR, who could challenge Facebook and Google when it comes to serving ads? At least when there are more rights and protection given to the end users, we get some power back to the users and hold firms to a higher standard. After all, innovation comes only from our raising standards, doesn’t it? Hence, GDPR is still a good move in the right direction and should be improved incrementally in the future. As a result, firms should pay more attention to privacy and security. It will no loner be a check-off-the-list item. It will be a competitive advantage moving forward, especially when everything goes digital.
Minh Quang Duong 