Edit: That is, ridiculously easy for new companies. Incumbents have been hoarding data for too long and it was actually harder for existing companies to become compliant.
When you’ve built a social consumer business in Europe that is profitable after compliance, send me a term sheet.
I didn't build a profitable social consumer business in Europe after compliance, but I was part of a team that implemented compliance for a long existing company within the US due to them having clients and client's clients in Europe. They're profitable. Do you want my term sheet? Or are you weakly attempting to flex while complaining that people's basic right to privacy is preventing you from earning obscene amounts of money?
It feels like a regulatory moat for the big players who can afford it. Sorta like a complex VAT policy.
If you do everything right from the start, the costs are minuscule.
It literally is:
- you only store data you require to run your business
- you delete data if customer requested deletion
- you give the customer their data if they ask for it
If your profitable business is built upon selling customer data wholesale to third parties, then good riddance.
It's still early days. We'll see what will happen when the DPA's and the courts have fielded a few high profile cases.