Sign up for our daily briefing
Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.
Stay on top of the latest market trends
Subscribe to Axios Markets for the latest market trends and economic insights. Sign up for free.
Sports news worthy of your time
Binge on the stats and stories that drive the sports world with Axios Sports. Sign up for free.
Tech news worthy of your time
Get our smart take on technology from the Valley and D.C. with Axios Login. Sign up for free.
Get the inside stories
Get an insider's guide to the new White House with Axios Sneak Peek. Sign up for free.
Catch up on coronavirus stories and special reports, curated by Mike Allen everyday
Catch up on coronavirus stories and special reports, curated by Mike Allen everyday
Want a daily digest of the top Denver news?
Get a daily digest of the most important stories affecting your hometown with Axios Denver
Want a daily digest of the top Des Moines news?
Get a daily digest of the most important stories affecting your hometown with Axios Des Moines
Want a daily digest of the top Twin Cities news?
Get a daily digest of the most important stories affecting your hometown with Axios Twin Cities
Want a daily digest of the top Tampa Bay news?
Get a daily digest of the most important stories affecting your hometown with Axios Tampa Bay
Want a daily digest of the top Charlotte news?
Get a daily digest of the most important stories affecting your hometown with Axios Charlotte
AP
U.S. companies are largely unprepared for what's about to hit them when sweeping new EU data laws take effect next year. The regulation — the General Data Protection Regulation (or GDPR) — is intended to give users more control of how their personal data is used and streamline data processes across the EU. Companies that fail to comply with the complex law will face steep fines of up to 4% of their global annual revenue.
Why it matters: Europe has by far taken the most aggressive regulatory stance on protecting consumer privacy and will in many ways be a litmus test for regulating the currency of the data economy. It impacts a huge number of businesses from advertisers to e-commerce platforms whose data flows through EU countries. That means everyone from Google to your neighbor who sells shoes on eBay could be affected.
Compliance challenge: Firms in all sectors are dealing with more data than ever before, so managing it requires more resources. Experts tell Axios that complying with the law is a daunting and expensive task for many companies. Niche legal firms are cropping up to help companies deal with it.
"People aren't fully ready for managing this," said Hilary Wadell, general counsel and chief of data governance at TrustArc. "A lot of organizations are still trying to wrap their arms around appropriate data governance and to understand the types of data they have and how it is used." According a recent TrustArc survey, 61% of organizations haven't even begun implementation.
Tech watch: Companies in all sectors will have to comply, but tech companies in particular will have steep climbs. "Were going to see innovative things from Google and Facebook in terms of how they deal with it," says David Downing, EVP at ASG technologies. On its Q2 earnings call, Facebook COO Sheryl Sandberg told investors that when they look at regulatory issues, including GDPR, they make sure those regulators understand how Facebook contributes to economic growth in their countries.
The EU perspective: Wojciech Wiewlorowski, Assistant Supervisor for the European Data Protection Supervisor in Brussels, stressed that the regulation won't slow down innovation or the flow of data. Rather, it's a necessary step to deal with the explosion of the data economy in a "civilized" way — similar to how society had to impose rules on automobile traffic.
"The road code [was] created in order to facilitate the way that we transport things and transport people," he said on a call discussing the GDPR implementation. "But, of course, in some ways it limits the way that we try to invent solutions. This is the kind of price we pay for a civilized way for the flow of personal data in the world."