If Google Is Having GDPR Privacy Compliance Issues, Where Does That Leave Other U.S. Firms With Less Sophistication And Fewer Resources To Pay Fines? U.S. Companies With Strong IT Asset Management Programs Are Positioned Best Under EU GDPR … And Any Version Of GDPR Adopted In The U.S.
Google’s recent record $57 million General Data Protection Regulation (GDPR) compliance fine sent a shockwave through the American tech community. As bad as that is for Google, which is currently in the appeals process, the U.S. tech giant may have even dodged a bullet. Under GDPR, companies found in violation could receive a maximum penalty of up to 4 percent of their annual revenue. That’s a potential $4 billion liability in Google’s case.
For company managers and investors, GDPR compliance is becoming a major issue. Unlike the cash-rich and tech savvy Google, many U.S. firms, both private and publicly traded, can’t survive a maximum sentence for GDPR non-compliance. And with the accelerating consideration of similar privacy rules in the U.S., investors are right to be worried about data protection protocols.
The potential liability risk isn’t just limited to companies that process data. If an organization’s software tools include Microsoft, Adobe, IBM, etc., the same tools and companies with which Google has contracts with, then it would stand to reason that more than just the firms that process data are vulnerable to GDPR headaches. New U.S. rules patterned along the European model would present similar concerns.
IAITAM President and CEO Dr. Barbara Rembiesa said: “In the ever-evolving landscape of data privacy issues and regulations, now more than ever, is it fundamentally important for U.S. firms to invest in sound IT Asset Management (ITAM). Savvy investors are keen to spot potential liabilities and with the recent Google fiasco, eyebrows are being raised. The firms that have already invested in ITAM programs are ahead of the game and shareholders should know it. If you’re an investor and you don’t know if your company has a mature IT Asset Management program, that should be a red flag.”
Rembiesa pointed out that eight months have passed since the European Union adopted the GDPR. Before that, companies had two years to prepare. If Google was caught red-handed, that should sound the alarm for all U.S. based firms and their investors, according to the IAITAM head.
Dr. Rembiesa added: “The Google fiasco should have been prevented and could have been with a mature IT Asset Management program. Future incidents will only be prevented if those organizations have a mature process that is championed by someone who is managing proper data protection frameworks consisting of recommended best practice processes.”