As we all know from the flood of emails coming into our inboxes explaining that privacy policies have changed and more, the dawn of the GDPR era is upon us.
Technically companies have until tomorrow, May 25th, to get into compliance with GDPR.
USV portfolio companies have been working on getting compliant for more than a year and we have been active in helping them do so and advising them on best practices.
I blogged about GDPR here at AVC last September in hopes that all of you would also start working on getting compliant.
If you have customers or users in Europe, you must comply with GDPR. But many companies are taking the approach that they will be GDPR compliant with all of their customers, regardless of geography.
For this reason, GDPR is the biggest user data privacy regulation to hit the Internet, at least in the last decade, and possibly forever.
There are some good things in GDPR. The basic notions that users have the right to control how their data is used and to opt-out of that usage seems right to me.
But like all regulations, the implementation and compliance details are painful in parts and there certainly could have been a lighter weight way to get to the same place.
My hope is that the US and other countries copy some of the better parts of GDPR but go without the overwrought elements.
The other thing to note about GDPR is that we should expect revenue headwinds from it for the next few quarters. Less emails will be going out. Less engagement will be going on. And less revenue will be generated.
I am OK with that. It’s a price to be paid for a step forward for user’s rights. No pain, no gain.