Is GDPR’s enforcement a temporary or permanent slowdown for non-compliant companies?

Blog | 14 March 2019

Several companies have recently decided to stop serving European customers in wake of the recent GDPR enforcement on May 25, 2018. They have posted notes and prohibited European IP addresses from accessing their websites.

Why such a slowdown?

The most logical answer is that they are not capable of complying with the new regulation. Therefore, it feels less risky/costly to stop serving European customers than risk being non-compliant. In many cases, this is true (although critics point out that these companies had two years’ to prepare). The CEO of a small US-based online training company outlined some very specific reasons why his business decided to stop operating in Europe. It had much to do with harsh penalties for non-compliance. He did not feel confident about his own compliance since he lacked expertise on more technical aspects.

Others have pointed out that GDPR pushes “fence sitters,” who already had weak or unstable European operations to begin with, to use GDPR as the catalyst to tip the scales in favor of shutting down rather than trying to strengthen those operations. Ad services vendor Verve noted that the infrastructure costs required to comply with the changed regulations were too expensive to justify.

Opportunities for compliance and successful business

Does this mean that non-compliance with GDPR is a permanent slow-down to the economy and businesses? Not necessarily. While it’s certainly possible that some firms will stay out of Europe, it seems to be an unlikely long-term decision. It also depends on each company’s strategy and size. Smaller firms that were already facing weak European revenue probably do not feel a strong pull to re-enter the space. However, larger firms that need global customers to sustain their business plans will make sure they are compliant and serve European customers again.

In addition to gaining consent (the easiest part of GDPR), companies who wish to prove GDPR compliance and do business in Europe will need to factor in several aspects of data management. Among key factors:

  • Personal data stores;
  • Processing and storage questions;
  • Usage of third parties when processing.


Most of these issues require to re-think identity and identity data. To be successful, companies should reconsider their entire approach to identity validation and protection. By focusing on the larger identity issue, companies can comply with GDPR while also ensuring better customer satisfaction.