Time is ticking down for US-based firms to prepare to meet the demands of the EU’s General Data Protection Regulation, which goes into full effect on May 25.
Although firms without a presence in Europe may think that they will not be affected by the regulation, GDPR casts a long shadow, according to David Ross, principal, cybersecurity & IT risk at Baker Tilly, during a recent webcast.
“The EU is the third largest economy behind the US and China,” he said. “Europe is touching your business in some way.”
The regulation’s maximum fine of 20 million euros or 4% of a firm’s global revenue has generated a lot of fear, uncertainty, and doubt within US-based firms.
A poll of the approximately 800 webcast participants found that the majority of their firms (58%) were not compliant but are getting closer while 28% of the respondents said that their firms still had a long way to go. Only 9% of the audience claim their organizations are compliant and 2% of those polled did not know what GDPR is.
The trouble for US-based firms is that GDPR is vague in what it covers, according to Ross.
“The biggest problem is that it is broadly written,” he said. “Usually there is a regulation and the case law that comes from the regulation, but we do not have the case law yet.”
However, Ross expected that most US stakeholders, complying with GDPR would be a 30- to 90-day process depending on the firm.
He also noted that preparing for GDPR is a good warm-up for other data privacy regimes that are in the pipeline.
The UK Parliament is considering a somewhat stricter regulatory framework while Latin American nations are considering adopting GDPR or developing their own version of it, said Ross. “In the US, there are three privacy bills winding their way through Congress, two in the House and one in the Senate.”
Firms can leverage their experience with other privacy-related regulations, such as Privacy Shield, Payment Card Industry Data Security Standard, and Health Insurance Portability and Accountability Act, according to Ross.
“As long as firms can demonstrate they are making progress towards compliance, they should be okay,” he added.
NEWSLETTER SIGN UP
And receive exclusive articles on securities markets
Pension funds, sovereign wealth funds, endowments and other institutional asset owners are sitting on vast troves of data -- but extracting value from that data is more challenging than ever.
#AssetOwners #DataQuality
Technology costs in asset management have grown disproportionately, but McKinsey research finds the increased spending hasn’t consistently translated into higher productivity.
#AI #Fiance
We're in the FINAL WEEK for the European Women in Finance Awards nominations – don't miss your chance to spotlight the incredible women driving change in finance!
#WomenInFinance #FinanceAwards #FinanceCommunity #EuropeanFinance @WomeninFinanceM
ICYMI: @marketsmedia sat down with EDXM CEO Tony Acuña-Rohter to discuss the launch of EDXM International’s perpetual futures platform in Singapore and what it means for institutional crypto trading.
Read the full interview: https://bit.ly/45xRUWh
Related articles
-
The world’s largest investment firms are leveraging technology and partnerships to extract more value from t...
-
Pyth aims to provide onchain prices for 10,000 instruments by the end of next year.
-
Bringing government data onchain catalyzes a wave of new financial instruments.
-
Data blind spots, specifically in private companies, have created challenges for institutions.
-
Brokers want to focus on adding value, rather than collecting and cleaning data.
We're Enhancing Your Experience with Smart Technology
We've updated our Terms & Conditions and Privacy Policy to introduce AI tools that will personalize your content, improve our market analysis, and deliver more relevant insights.These changes take effect on Aug 25, 2025.
Your data remains protected—we're simply using smart technology to serve you better. [Review Full Terms] | [Review Privacy Policy] By continuing to use our services after Aug 25, 2025, you agree to these updates.
