May 25, 2018

It's day 1 of the GDPR being fully in place and enforceable and already there are 3 completely unsurprising story lines arising:

1 - A large percent of companies aren't ready
This is the least surprising thing as we’ve seen story after story leading up to this date about the lack of preparation amongst companies, especially in non-EU member states.  It’s probably even worse than expected as most companies are incorrectly reporting that they are prepared, simply because they don’t fully understand the requirements.

2 - Some companies are shutting down
Sometimes it’s just easier to give up, and that’s the approach a number of companies are taking.  Every day we’re seeing stories about companies that are shutting down all operations due to their inability to meet GDPR regulations, be it technical or financial.

3 - Some companies are just shutting out Europeans
For other companies, shutting down isn’t an option, there’s still money to be made.  However, the risk of the hammer coming down from regulators is too much to bear, so they are shutting out users coming from European member states.

These last two directions: shutting down and refusing Europeans tells the story of one of the biggest fears of GDPR.  From the beginning, the concern has been that the big companies - Facebook, Google, etc - would be able to use their money and lawyers to meet or get around regulations, but smaller companies without that bankroll would struggle to meet these regulations.  Things will obviously play out over the next few months, but it’s unfortunate to see promising companies feel shutting down is their best option.

What is surprising? That most of the regulators aren't ready either.  This is worrisome, because it will consolidate power with the few member states that have focused on enforcement like France and Germany.

Ready or not, it’s here. Welcome to the new GDPR world.