GDPR Poses Complications for EU Companies
2016 saw a slew of changes across the business sector, and the General Data Protection Regulation (GDPR) is arguably one of the most impactful introductions of the lot.
While many organisations including IT support firms and consumer advocacy groups celebrated its passing, four years of development may have changed the tide. As the legislation nears full implementation, some companies have found it to offer more complications instead of the benefits they'd expected.
It's hard to pinpoint precisely why the GDPR poses such a challenge for some companies. Four years on, the legislation has become so complicated that it even sparked the creation of GDPR compliance consultants to assist businesses in meeting requirements. The issue is a grand one, and it requires an in-depth examination to truly understand how – and why – the GDPR is changing things.
Amongst the collection of factors leading to such confusion, these four are recognised as the most significant contributors.
Data Protection Officers
This term in the GDPR surprised more than a few companies when regulators developed the legislation in 2016. As more and more organisations move their operations online, it specified that any who do business within the EU must bring a data protection officer into their workforce.
To many, this provision isn't much to get worked up about. However, the fact that companies are expected to appoint a data protection officer with specific expertise related to the GDPR is something that fails in implementation. Due to the new nature of the legislation, there hasn't been enough time for any such employees to receive sufficient experience. Essentially, this requirement is asking companies to hire someone who might not even understand how to do their job – especially when it's their duty to ensure the business complies with regulations.
Fortunately, the market has produced a few alternative solutions. Most IT solution providers such as Sphere IT a London IT Support MSP – are adjusting their services to ensure their clients meet the GDPR, and offer IT support and consulting specifically regarding GDPR compliance.
Consumer Confusion
Unfortunately, the complexity of the GDPR doesn't stop short at companies. With its introduction, many customers now find themselves uncertain of what their rights are, and what they're now responsible for. To make matters worse, companies who are just as confused by the GDPR's intricacy are expected to fully understand the ins and outs of the legislation – something that simply isn't possible to do so quickly.
As such, companies find themselves the target of consumer frustration, and IT support firms and customer service teams are near powerless to ease the tension. The situation is one that causes suffering on either side, as businesses are just as confused as the clients they're supposed to be helping. As of now, there doesn't seem to be an easy fix for the problem.
Global Implications
While the GDPR was only ever intended to apply to businesses in the EU, such a significant piece of legislation will inevitably have a global reach. The law, which is only enforced by the EU, sees impact in other corners of the world, as all businesses with employees or customers inside the EU must comply to its regulations. More and more businesses are expanding their reach than ever, which makes the legislation near universal.
As a result, any business – even if it operates in an entirely separate country through e-commerce – must comply with the GDPR if it sells its products or services within the EU. Just like any EU business, this means they must go through the trouble of hiring an IT support consultant to ensure their operations are GDPR compliant – something that smaller businesses might not be able to afford, especially considering the legislation's complexity.
This reality can pose more than a few adverse effects. For one, some businesses would rather avoid the headache altogether, and pull their operations from the EU entirely. The decision is both damaging to their revenue, and robs EU consumers from a broader range of choices in the market.
Inconsistent Enforcement
To keep businesses compliant, any company that doesn't meet the GDPR is charged with a fee. Much like any other government legislation, EU companies that find themselves a repeat offender can face growing fines worth a sizeable sum. While this system is relatively straightforward, the enforcement efforts used so far have been anything but simple.
For one, there is nearly no possible way for EU regulators to force businesses operating outside the EU to pay their fines. As such, companies within the EU – who actually comply with the GDPR, and pay up when they don't – find frustration in the fact that others can get away without punishment. On the other hand, foreign businesses probably won't be too keen on having to invest in an IT support company that understands GDPR compliancy.
Conclusion
While no one suspects the GDPR was created with malicious intent, it's clear that the complications it causes are hard felt by everyone – even if unintentional. Two years since its implementation, companies across the EU still find trouble in its complexity, and the problem is one that doesn't seem to be disappearing anytime soon.