You do not have to be a fortune-teller to know that data is, in a way, going to be the new currency of the business world – or rather, it already is. Big data and how to mine it is a constant concern for companies, yet how to protect that data is also very high on the agenda – or at least, it should be. With the new European data protection legislation set to come into effect in 9 months, could the level of a company’s readiness be a sign of how it is set to do financially in the next quarters? Certainly – and here is why.
GDPR Unprepared? Financial Consequences Are High
The new General Data Protection Regulation that the EU revealed more than a year ago is currently projected to take effect on May 25, 2018. The new regime will consolidate and reform the data protection rules of the European Union and its Member States, providing for stricter rules for companies and organizations around the globe. It will establish privacy as a fundamental right, and the obligations it imposes upon businesses will revolve around that concept – and that includes American companies as well. In fact, the new regulation applies to any and all organizations providing goods and services to or monitoring persons within EU borders, even if the company itself has no physical presence on EU/EEA soil. In case of non-compliance, the GDPR provides for fines up to €20,000,000 or 4% of an organization’s annual global turnover.
This is precisely one of the major ways in which companies currently unprepared for the GDPR will suffer financially once the new legislation comes into effect. And organizations active in the financial sector are particularly vulnerable: A recent survey reported in the Financial Times revealed that European financial institutions are high risk and that they could face roughly €5bn in fines during the first three years after the GDPR comes into force. The same research uncovered no fewer than 27 data breach occurrences across European Tier 1 banks in the past ten years, with some banks suffering multiple incidents.
Most Companies Not Ready for the GDPR – Look for Those Who Are
According to the same source, a recent study of financial services companies established that over 60% were still trying to grasp what needs to be done or were just starting to prepare for the GDPR. Another survey reveals that if the GDPR were in force today, more than $320 billion would be levied in financial penalties against consumer goods enterprises. Against this landscape, monitoring the companies you are considering investing in, and identifying whether they have announced a detailed compliance plan or have not even mentioned the GDPR yet, might be a helpful hint as to whether they would be smart investment choices.
Companies unprepared for the GDPR stand to lose money – and not only in heavy fines, if they are caught red-handed. Not having proper safeguards in place that meet GDPR requirements means that a company is more vulnerable to data breaches, which might result in large amounts paid for damages and for responding to the incident, as well as reputational damage that might trigger a loss in stock value. By contrast, being prepared suggests a wider IT and cyber-security readiness that indicates proactiveness and sound investment of resources – all indicators of a strong financial performance.
Taking into account factors like cybersecurity and data breach response readiness when making investment choices might be unconventional; yet they are two of the most important indications of the digital infrastructure of a company.