Time is ticking down for US-based firms to prepare to meet the demands of the EU’s General Data Protection Regulation, which goes into full effect on May 25.
Although firms without a presence in Europe may think that they will not be affected by the regulation, GDPR casts a long shadow, according to David Ross, principal, cybersecurity & IT risk at Baker Tilly, during a recent webcast.
“The EU is the third largest economy behind the US and China,” he said. “Europe is touching your business in some way.”
The regulation’s maximum fine of 20 million euros or 4% of a firm’s global revenue has generated a lot of fear, uncertainty, and doubt within US-based firms.
A poll of the approximately 800 webcast participants found that the majority of their firms (58%) were not compliant but are getting closer while 28% of the respondents said that their firms still had a long way to go. Only 9% of the audience claim their organizations are compliant and 2% of those polled did not know what GDPR is.
The trouble for US-based firms is that GDPR is vague in what it covers, according to Ross.
“The biggest problem is that it is broadly written,” he said. “Usually there is a regulation and the case law that comes from the regulation, but we do not have the case law yet.”
However, Ross expected that most US stakeholders, complying with GDPR would be a 30- to 90-day process depending on the firm.
He also noted that preparing for GDPR is a good warm-up for other data privacy regimes that are in the pipeline.
The UK Parliament is considering a somewhat stricter regulatory framework while Latin American nations are considering adopting GDPR or developing their own version of it, said Ross. “In the US, there are three privacy bills winding their way through Congress, two in the House and one in the Senate.”
Firms can leverage their experience with other privacy-related regulations, such as Privacy Shield, Payment Card Industry Data Security Standard, and Health Insurance Portability and Accountability Act, according to Ross.
“As long as firms can demonstrate they are making progress towards compliance, they should be okay,” he added.
NEWSLETTER SIGN UP
And receive exclusive articles on securities markets
🏆 The 2026 Global Markets Choice Awards are here! 🌍 Nominations are officially OPEN for the celebration of excellence in global capital markets trading & technology. Nominate below:
https://www.jotform.com/form/260086385121150
Delaware Life Insurance Company is becoming the first insurance carrier to offer an index that contains cryptocurrency, adding the BlackRock U.S. Equity Bitcoin Balanced Risk 12% Index to its fixed index annuity (FIA) portfolio.
As the digital assets industry pushes toward
Franklin Templeton is expanding its tokenized fund suite, signaling growing institutional demand for blockchain-based fund infrastructure and regulated investment products moving onchain. Read the full article below:
$50 billion in active ETF inflows helped fuel a record year for @BlackRock 's iShares business, as investors continue to lean into active strategies.
Related articles
-
Publishing data onchain can lead to unified, transparent, and programmable markets.
-
Singapore event aims to enhance industry understanding of the forces shaping financial data.
-
PM Insights provides daily secondary market reference data.
-
This expands retail access to futures markets.
-
The goal is to increase certainty ahead of the go-live of the EU’s CTs for bonds and equities.