Enza Iannopollo, Analyst
On May 25, we move from fretting about the General Data Protection Regulation (GDPR) — and the pending ePrivacy Regulation — to managing a constant state of risk.
At its core, GDPR is a bold statement: Privacy is a human right. As an enforceable policy, GDPR is disrupting firms the world over, arguably for both good and bad. The good is that the regulation creates a forcing function for firms to get their data governance in order. The bad is that it can divert investment dollars and executive attention away from getting in front of customer- and digitally-driven market disruption.
Ultimately, it’s a game of risk: What is the appropriate level of compliance against the full range of the GDPR to effectively manage risk and cost? Our take is that, while some firms will fully comply, most won’t.
The majority of companies will try to find the right line between risk and cost, and that line will move as we better understand the regulators’ actions — which brings us to May 26: the day after. What will the regulators’ priorities be? Are there market segments that they’ll target first?
In this episode, Enza Iannopollo discusses the future in a GDPR world, the choices firms can make, and the sense of who should be truly concerned.