More than 40% of US companies remain open to fines of up to €20 million for non-compliance with new European consumer data legislation.

The General Data Protection Regulation (GDPR) came in to effect back in 2016, whilst the final deadline for compliance comes this May.

Now any global company which deals with EU citizens’ data must comply with a new and more stringent set of demands.

And that is a problem, because a report from analyst firm Technology Business Research finds more than four in 10 of US firms are still not reaching toward compliance.

“Several of the very large vendors actually still haven’t completely rolled out there GDPR compliance suites yet,” says TBR’s VP Stuart Williams. “So, this is a difficult time for an enterprise if you’re looking for your provider to be compliant.

“This is a big change, particularly in North America or the United States, where companies are used to getting information about participants in the marketplace, audiences, potential customers, their own customers, and holding that data as if they own it.”

New GDPR stipulations give consumers new protections including:

  • tighter consent conditions for the collection of citizens’ data.
  • consumers can instruct companies to stop processing their data.
  • automated decision-making and profiling decisions must be made clear.
  • consumers can request decisioning by automated processes be stopped and handled by a human instead.
  • they have the right to request an explanation of automated decision-making.
  • they can request free access, rectification and deletion of data.

But Williams has three recommendations for companies to achieve compliance:

  1. “They need to change their perception really, around the nature of data in their enterprise.”
  2. “Being able to establish the clear chain of custody for how … personally identifiable information … flows through your enterprise and how when an EU citizen requests it.”
  3. “Build a trust relationship with your audience and with the people who are giving you the personally identifiable information.”

This video is part of our series on the preparation and anticipated impact GDPR on the digital media world. The series is presented by Criteo. Please visit this page for additional segments.