Earlier this week, Apple CEO Tim Cook praised the EU’s General Data Protection Regulation (GDPR) and advocated for stricter privacy laws in the US. Whenever the head of the world’s first $1 trillion company applauds regulation, people take notice. But Cook isn’t the only one in the business world who believes more data laws are coming our way.
In a June 2018 survey by A.T. Kearney of 400 senior executives worldwide from various industries, about seven in 10 respondents said that the GDPR will likely inspire other countries to expand data privacy regulations.
This research builds on previous data that indicates many businesses are taking the possibly of increased data regulation seriously. CB Insights analyzed more than 6,000 earnings call transcripts from companies across the globe and found that the number of times GDPR was mentioned during the calls increased from seven in Q1 2017 to 177 in Q1 2018.
Company execs are paying more attention to data regulation at a time when consumers and Congress increasingly focus on technology.
In an April 2018 poll of US internet users by Janrain, 68% of US internet users say they support GDPR-style rules in the US. And in August, Quorum Analytics analyzed the content of press releases, newsletters, social media posts and floor statements from members of Congress and found that Congress is increasingly discussing technology.
Although it is an EU law, US companies are still preparing for the GDPR since the regulation can affect them if they have EU customers. In an August 2018 survey of 145 US corporate directors of public company boards conducted by BDO USA, nearly eight in 10 respondents have conducted a gap assessment and updated their privacy notices to comply with the GDPR. About one-third of those polled have increased their data privacy budgets and appointed a data protection officer.
The EU’s General Data Protection Regulation (GDPR) became enforceable on May 25 and states that a user’s personal data can be used only if that individual gives a company explicit permission. Companies who violate the GDPR can be fined €20 million ($22.9 million) or 4% of global revenues, depending on whichever is greater.