Risky Business: Why Businesses Have Put Off GDPR Prep (and Why You Really Should Do It)


If your company is like most US companies, you are pretty confident that you are protecting the data of the people who interact with your company.

  • You have a privacy policy and a notice people can read that explains it.

  • You’re complying with the CAN-SPAM Act.

  • You probably even have a notice on your website that alerts EU visitors that you may be using cookies to collect information about how they behave on your site.

Until now, those steps have been enough. But the European Union’s General Data Protection Regulation, in effect as of May 25, 2018, changes everything. The GDPR is a sweeping regulation that changes data protection and management practices worldwide.
However, many organizations have been slow to prepare. It’s important to realize that any reasons you have for not complying with the GDPR are probably misguided. It’s also helpful to realize that taking the steps to compliance may actually benefit your business.

Why Companies Put Off GDPR Compliance

For companies that aren’t based in the EU, it’s easy to find reasons to put off thinking about the GDPR. Let’s bust some of these myths.

The GDPR doesn’t apply to us.

The regulation applies to any company that offers goods or services to EU subjects, monitors their behavior, or even processes information about them—regardless of that company’s geographical location.

It’s an IT issue.

GDPR isn’t just about data; it’s about the people behind the data and how you interact with them. Compliance requires a cultural change from every department in your organization.

It’s just about putting up notices on the website.

The GDPR’s rules affect data capture, processing, utilization, and management at a deeper level than most organizations realize, and they reach into multiple corporate systems.

It only affects how we email prospects.

The regulation gives individuals direct control over whether you can collect their information at all; when and where you can collect data; how data is used; and when and how you give data back or delete it.

We are already protecting data.

Probably true. But are your partners? Suppliers? Customers? Under the GDPR, your responsibility for data management extends outside your four walls.

We aren’t likely to have much fallout from not being in compliance.

That might be true. Maybe. If you deal with just a handful of EU data subjects. But if you’re wrong, the fine for non-compliance is €20 million or 4% of total global annual turnover, whichever is greater.

It’s going to take too much time.

Here, you’re right. Even if you start today, you won’t be able to be fully compliant overnight. But having a realistic, manageable plan for compliance can create momentum for the changes that need to happen.

Why Compliance Is Going to Be a Positive for Your Organization

It’s easy to get overwhelmed when you think about the GDPR only in negative terms. The fact is, the EU’s move is a progressive step that is likely to spread globally, in some form, at some point. And taking the steps to move toward compliance may deliver benefits that you might not have expected.

Streamlined Data Management

The GDPR requires you to take a long hard look at just what data you collect and why. Most likely, you’ll find ways to pare down the types and amount of data you collect. And data is easier to manage and use to your advantage if you’ve eliminated redundancies and cleaned up your database structure.

More Accurate Customer and Prospect Lists

Under the new rules, you’ll end up with clean customer information that’s accurate and up to date. In turn, you’ll be able to produce more precisely targeted and personalized campaigns.

Highly Engaged Prospects

When your prospects have chosen to receive your messages—and those messages are clearly targeted to their needs—you’re going to have a much more productive sales funnel.

Better Responsiveness to Partner and Customer Data Requests

When you’re in compliance with the GDPR, you’ll have data ready to deliver at all times. That means when a partner or customer (or regulator) asks for a report, you can have it ready in minutes—not days. Better for them, better for you.

Improved Trust and Brand Reputation

Any time you demonstrate proactive, responsible handling of personal data, you help to build trust. You show that you are putting people—your customers—first. That commitment speaks to the foundational values of your company and may be a differentiator that gives you a competitive advantage.

Make a Plan, Build Momentum

If your organization is among those that are not yet GDPR compliant, you’re not alone. However, it’s essential to break through any inertia you’re experiencing.

Read Refactored’s free eBook Making GDPR Happen to learn how to break down the process into manageable phases, create momentum, and move toward compliance.
