So what’s all the fuss about? In this post, we’ll explain why.
What Is GDPR?
GDPR is the European Union’s new data privacy law that was written to further ensure the transparency of companies’ data collection and privacy. It sets out specifications for how businesses handle personal data such as user email addresses and phone numbers. GDPR is only really supposed to apply to the EU and EU residents, but because so many companies do business in Europe, American companies must also show that they are GDPR compliant, all by today, when the law is officially implemented.
American companies have been updating their privacy policies and explaining, at the very least, how they:
- Capture, use, store, and secure user / customer data
- Capture and use cookie data
- Capture and use location/mobile data
- Share user data with company employees, partners and third parties, if applicable
- Obtain user consent to receive marketing communications
We decided to deep dive into how companies are talking about GDPR and the necessary compliance preparations. We used Sentieo’s DocSearch to search for mentions of GDPR across SEC filings, call transcripts, press releases, presentations, and global filings. We can see below that mentions have definitely escalated over the last two years, especially as we got closer and closer to the date of implementation: May 25, 2018.
We also see that there was an initial spike shortly after the European Parliament adopted the regulation on April 14th, 2016. GDPR has been in progress for the past 6 years, as the timeline below shows:
- January 25th, 2012: GDPR proposal released.
- October 21, 2013: The European Parliament Committee on Civil Liberties, Justice and Home Affairs (LIBE) holds orientation vote.
- December 15, 2015: Negotiations between the European Parliament, Council and Commission (Formal Trilogue meeting) result in joint proposal.
- December 17, 2015: European Parliament’s LIBE Committee voted for negotiations between the three parties.
- April 8, 2016: Adoption by Council of the European Union.
- April 14, 2016: Adoption by the European Parliament.
- May 24, 2016: Regulation entered into force, 20 days after its publication in the Official Journal of the European Union.
- May 25, 2018: Its provisions are directly applicable in all member states.
We took a closer look at the companies with the most mentions of GDPR. The top five companies included Varonis and Talend, which are both companies that offer data-centric services. Varonis (VRNS) is a leader in data security and analytics, focused on protecting enterprise data. Thus, the GDPR mentions in its documents often refer to the products it provides to prepare its customers for GDPR.
Talend (TLND), a software integration vendor, also heavily referenced GDPR during its May 10th earnings call. Michael Tuchen, Talend’s CEO & Director, even mentioned that Talend would be “assisting Virgin Money UK with meeting regulatory requirements, including the EU’s GDPR.”
IBM had the third-most mentions of GDPR in its documents, and has even conducted a study on the subject: Majority of Businesses View GDPR As Opportunity to Improve Data Privacy and Security. Here is part of their press release about the study that came up in our search:
Last year, IBM itself also began to offer solutions to help their customers become more compliant with data regulations. Here is part of a June 2017 press release detailing those solutions:
GDPR is definitely inspiring organizations to more closely examine their data policies, especially in light of Facebook’s data breach and consumers’ increased understanding of privacy. We anticipate that most businesses will view data transparency as an essential part of their future strategies. This goal of transparency has allowed some businesses like Varonis, Talend, and IBM to offer specific compliance solutions for this use case, since compliance can be a complex process for most organizations without the right support. On the other hand, B2B companies in the software and targeted advertising businesses that derive a significant proportion of their revenues from the EU may face challenges from the GDPR.
As we’ve seen with the example of Facebook, non-compliance and cloudy communication can not only result in legal struggles but also become a public relations nightmare with which no organization wants to be associated.