GDPR, or General Data Protection Regulation, is a new user and data privacy regulation slated to come into effect in the EU three weeks from now, on May 25, 2018.
The new regulation brings a wealth of protections to user privacy but is a nightmare for companies doing business in Europe.
The reasons are plenty, but the humongous fines for failing to meet GDPR standards are at the top of the list for most companies (€20 million/$24 million or 4% of a company’s annual worldwide revenue —whichever is higher).
There’s also the 72-hour deadline to reveal data breaches and the necessity of hiring a so-called “Data Protection Officer.” Plus, GDPR also mandates that companies must inform users on what data they collected about them, allow them to review the data, and even let users delete the data from the company’s servers if they so wish.
Companies are turning away from the EU market
Any company that has data on EU users is subject to the new GDPR regulation and can be fined, regardless if the company is not based in a EU state.
As such, smaller companies that can’t afford the exorbitant (consultation, legal, and technical) costs of becoming GDPR compliant, are hoping that nobody notices they’re breaking the law or pulling out of the EU market altogether.
Examples of companies and services that have withdrawn from the EU market because of GDPR include Verve (online marketing), Ragnarok Online (online game), Super Monday Night Combat (online game), Unroll (email subscription service), Brent Ozar Unlimited (software supplier), Tungle (gaming software provider), and Drawbridge (cross-device identity service)
The list is probably bigger, as not all companies have made their decision public.
Companies are intentionally blocking EU IP addresses
Apart from this, there are also the companies that had no intent on breaking into the EU market but are serving customers regardless, and as such, are also falling under the GDPR umbrella.
Here, a new trend has sparked —blocking “unwanted” EU customers from accessing their sites in the first place.
A company that has openly admitted to such a practice is Boston-based cyber-security firm Steel Root, which has implemented its own system that blocks EU-based users from accessing its service.
But running such a system is not an option for companies with no experience in managing IP blacklists. Here’s where the makers of GDPR Shield have seen a business opportunity.
EU regulation sparks another Internet trend
“Block EU users from accessing your site,” the GDPR Shield website reads. “Don’t spend thousands on legal fees to make your site GDPR-compliant. If you aren’t targeting EU users, simply use GDPR Shield to block all traffic from the EU,” the company boasts.
The GDPR Sheild service is not free, though, and sites that want to use it have to pay monthly fees from $9 upward.
Similar services are bound to pop up on the web in the coming days, similar to how tens of websites appeared after the EU passed its infamous Cookie Law that mandated that each website ask users for permission before storing cookies on their devices.
That useless EU regulation generated an influx of similarly useless popups all over the web, and the new GDPR regulation might have the unintended consequence of shutting out millions of EU users off of thousands or more websites owned by companies that are not in the mood of spending thousands of dollars to become GDPR compliant.