What is GDPR and How do Businesses Have to Prepare to Face the New Challenge?


Every word you say, every time you write your name on a bank form, and every time you connect to the internet and open a website, you are creating data. But how much is your data protected? While the practice of storing data has empowered businesses today like never before, it puts a heavy responsibility on their shoulders as well. That’s where GDPR comes in.


GDPR stands for General Data Protection Regulation. It is a new set of data protection regulations that the European Union has created to give EU residents more control over their right to privacy. These regulations require businesses in the EU to ask users for permission before collecting their data and to disclose to them what the company will use their data for. The new regulations will apply to all businesses and individuals in the EU and will come into effect on May 25, 2018. Unfortunately, businesses are not well prepared for the changes that are expected to come with GDPR.


Matters are worse than you might imagine: according to Dell and Dimension Research, 80% of businesses have very little or absolutely no clue about how to prepare for GDPR. It does not matter whether your business is small or large; the regulations will apply to you if you are within the EU. If you collect users’ data in any form and process it, you will have to comply with the new guidelines. Not doing so will land you in serious trouble in the form of massive fines. Keep in mind that, given how GDPR fines are calculated, the size of your business will not save you.

A lower-level violation of GDPR’s regulations will attract a non-compliance penalty of either 2% of the global turnover for the prior year or a straightforward €10 million, whichever is more. A direct breach of a customer’s privacy doubles the penalty to 4% of the global turnover for the prior year or a straightforward €20 million, whichever is more. The “whichever is more” part puts small, medium and large businesses in the same boat.


Any industry that relies heavily on collecting customers’ data (which is mostly the case nowadays) will have to think quickly about preparing for the changes, as the implementation of the new regulations is less than a couple of months away.

  • Publishing Entities

Publishers will both benefit from the new regulations and be harmed by them. One idea is that the new regulations will push users to give more time to websites that they visit frequently and to ignore websites that they visit only once in a while. This will make intrusive advertising beneficial for websites that users visit quite often. On the other hand, publishers that rely too much on programmatic advertising will not be on the benefiting side. If users don’t provide their data easily, programmatic advertising companies will not have enough data to base their advertising on.

  • Higher Education

Universities and colleges that require students to give their personal details for the purpose of admission or other tasks will have to comply with the regulations. More importantly, the processors will have to comply with the rules just like the controllers. It is important for universities and other higher education institutions to select their processors after proper research based on Art. 28 (1) in GDPR regulations – and if any non-compliance occurs, both the controller and the processor will have to face the penalties.

  • Healthcare

In healthcare, organizations will have to shift their attention from “personal data” to three important new factors that appear in GDPR: biometric data, genetic data, and data concerning health. Healthcare organizations will have to turn to technological solutions to better protect and secure these three types of data. Some believe that restricting the inflow of data and limiting access to it through patient consent will stop the progress of modern healthcare research.


That’s where things become a bit complicated for organizations. The most important question for most of them is how to comply with GDPR. What’s the starting point, and what are the particulars? Should they implement the system from top to bottom or from bottom to top? The easiest solution to this problem is having the right person on board to manage the availability, security and integrity of data. It has to be a person who will lay the foundation of a system that automatically takes care of data management.


It is important to know that GDPR does not stop businesses from obtaining customers’ personal data; it only adds the factor of “permission” to the process. From a positive standpoint, it should make marketing more effective, i.e., relevant ads appear in front of people who have given consent to view those ads. What’s more crucial is for marketers to find ways to obtain consent from customers. In a nutshell, they will have to offer extraordinary value to win their trust. However, companies have to pay attention to how they obtain information from their customers and put ads on their screens.

An Ensighten-commissioned survey by Sapio Research shows that 25% of marketers aren’t worried about GDPR because they “believe” their marketing channels are the responsibility of some third party. What they don’t realize is that, once GDPR is in effect, marketers will be under scrutiny for whichever channels they use for advertising.


Business owners will have to act quickly to manage the data that flows in and out of their organizations, because GDPR will be in effect before long. The need for a chief data officer (CDO) is greater than it has ever been. However, CDOs are among the most difficult individuals to hire today due to their high demand, low supply and extremely high salaries, unless you resort to a solution like Cruz Street Digital, an on-demand CDO for cost-efficient data management solutions. The future is going to be easy for organizations that realize the need for a chief data officer, act quickly and make the right adjustments before they are hit with monstrous penalties for GDPR non-compliance.

Have questions about GDPR compliance and how we can help? Contact us and we’d be happy to help with a free consultation.
