The Acronym That Ate the World
GDPR is a new law that has companies around the world redoing their privacy policies among other data-related things.
GDPR, agreed upon by the European Parliament and Council in April 2016, replaces an older version of the regs (Data Protection Directive 95/46/EC). It went live at midnight in Europe and so far it has lived up to expectations that it would become the “primary law regulating how companies protect EU citizens’ personal data.” However, like a contagion, it has spread all over the world.
And companies are taking it very seriously. Several US media companies blocked EU users from their sites rather than run the risk of fines. And the rules will have massive implications for social media companies like Facebook and Google.
One member of NeuGroup’s Internal Auditors’ Peer Group said last fall that his company – a tech giant with lots of data amassed over several decades – was dedicating as much money to GDPR as it was to innovation. In fact, if it seemed to the company’s CEO the effort was lacking, he would shut down innovation initiatives and dedicate all resources to GDPR. This company and others are serious about the new rules because the fines for noncompliance are serious. A company may be fined up to 20 million euros (US$23 million) or 4% of its revenue from the prior year, whichever is greater.
Compliance might also prove pricey. Global US companies could struggle to find cost-effective and efficient ways to meet the new requirements; this would have a big impact on how they do business in Europe, particularly as it relates to separating Europeans’ personal data from the rest of the world. According to Sinan Aral, management professor at MIT, it might even be impossible to comply. “What I’m hearing from inside … companies is that it is not efficient and in fact potentially not even possible to segregate consumers that are in Europe or sometimes in Europe, and then consumers that are outside of Europe,” he said in an interview with Knowledge@Wharton.
And so if you have questions as to whether GDPR applies to your company, the answer is likely yes. Therefore, "never send to know for whom the (GDPR) bell tolls; it tolls for thee."
In other news, it’s been a couple weeks since the new Libor replacement has been in place. At the end of their second week of trading, the CME Group’s new SOFR futures contracts had attracted an impressive array of market makers to support the derivatives. However, so far market participants’ interest in the contracts has been light. Read more here.
Also, tax experts are slowly getting their heads around the tax rules signed into law at the end of last year. The upshot? It ain’t pretty and warrants caution. That was Ernst & Young’s assessment of the US tax overhaul. In a rundown of the reform given to members of NeuGroup’s Global Cash and Banking Group, E&Y said that the speed of the rules writing resulted in numerous errors and murky language. Republicans have tried to put together a technical corrections bill to deal with some of those errors, but Democrats—remembering how Republicans ignored a similar effort to tighten up the Affordable Care Act—have been uncooperative so far. Read more here.
For over 20 years, iTreasurer has delivered intelligence for treasurers. Based on exclusive access to senior treasury executives who are members of The NeuGroup Network of treasury peer groups, iTreasurer takes their real-world experience to produce articles, case studies and reports that are specifically meaningful to treasury best practice. www.iTreasurer.com.