Now that GDPR is finally done, startups are celebrating with cakes
Let them eat cake. They deserve it.
Do they? Really?
Tech companies around the world scrambled to meet the GDPR deadline to provide "freely given, specific, informed and unambiguous" consent to share their personal data with companies. You might have seen their desperate pleas in your inbox. Under the European Union's General Data Protection Regulation-perhaps the world's most stringent data protection rules-companies that fail to comply are on the hook for up to €20 million ($23 million), or 4% of their worldwide annual revenue of the prior financial year.
Wait a second … can #GDPR ever be considered "done" in any meaningful way? There's the initial visibility and focus, like with #SOX and #HIPAA in the US. Eventually, as with all fads, they fade in the public consciousness. Yet they no less require compliance.
In the short term, companies are focused on not being a focus. Putting forth good faith effort toward compliance is good enough. Maybe the celebrations and cakes are focused on the fact these companies probably "outran the bear", where is bear represents the global behemoths like Google, Facebook, Microsoft, et al.
In the longer term, no entity can reasonably consider themselves safe if they fall in the GDPR realm. I can see scenarios where some organizations leave the EU because no other company can realistically enter into the market and provide what they did under GDPR's rules.
In short, GDPR is no magic bullet. There are costs that will need to be paid for it.