The U.S. and Europe are Approaching GDPR and Data Privacy Very Differently

Published On: May 8, 2019Categories: Blog

Mark Wellins, Chief Customer Officer of, wrote in CPO Magazine this month about the different ways the U.S. and Europe are approaching GDPR.

“Well, GDPR is not scaring anyone. In fact, it’s a lawyer’s dream come true. It’s becoming quite clear Europe and the U.S. are attacking GDPR compliance problems from different angles. In Europe, the compliance budget covers lawyering up, whereas, on the other side of the pond, the Americans are using their compliance budgets to solve the problems with automated solutions. Which is the opposite of what we’d expect given the litigious nature in the U.S. It seems the worm has turned.

I’m thinking that this swing is due to the practical implications of the very similar, yet different legislation. Let’s look at GDPR – non-compliance results in a fine of 4% of the annual revenue (or €20m, whichever is greater). How? Well the ICO imposes fines on a case by case basis, with fines being discretionary, not mandatory. That doesn’t really benefit Johnny Public, does it? In the U.S., non-compliance (with CCPA for example) results in a consumer (yes, Johnny Public) suing the company for $750. Simple, straight forward and completely comprehensible to the individual.”