The GDPR waves are forming across the Atlantic, where a European Union law attempts to control and infect the digital world.
But it’s not just those outside of the 28 European Union countries that are being negatively affected. An entire industry of advisors is weaving itself, specifically to advise and consult others on GDPR matters.
Some of this advice, can be disastrous for the businesses involved.
The new regulation of data protection will leave several victims along the way: companies that, due to bad advice, are exposed to millions in fines or will lose a large part of their business.
In a Spanish article titled, “GDPR victims: ‘A lawyer ripped me off and I can lose millions for a simple mail’,” the author shares different incidents, including one on how a business owner spent 4,300 Euro to become “GDPR compliant.” Despite the work of the attorney he hired, he was still left exposed to potential claims:
Miguel has a company dedicated to the construction sector. About six months ago, a lawyer appeared at its facilities, which house its approximately 250 employees in an industrial estate around Madrid, to talk about a GDPR (the new data protection regulation established by the EU) and offer their services so that the company was within the law. Miguel did not know what the GDPR was or if it affected him , so he called the Chamber of Commerce of Madrid, where they confirmed that yes, due to the characteristics of the company, it had to adapt to said regulations .
So Miguel hired the lawyer in question. It was not little money, 4,300 euros, but taking into account the possible fines to which he risked if he failed to comply with the GDPR (up to 20 million euros or 4% of his annual turnover), he understood that it compensated him. What Miguel did not know is that last week, in full turmoil by European regulations, he would discover that the work that the lawyer had done him was absolutely useless . He had spent 4,300 euros in vain.
Another customer in Spain lost 80% of his clients by doing unnecessary tasks for GDPR compliance:
Charo, an entrepreneur from Barcelona who sells accessories on the Internet, created a community of users through e-mail, so in his case the e-mails are essential in his business model .
The fact is that the ‘e-mails’ that Charo sent already complied fully with the LOPD (the regulation that had Spanish companies), but found the wrong lawyer: “When I wanted to report on the GDPR, a lawyer He said that if he sent ‘newsletters’, he had to send all my users a new ‘e-mail’ to ask for their consent to continue sending them, that although I included them in a totally legal way, the GDPR obliged me to ask for their consent. new . “
Said and done. Charo sent the ‘e-mails’, but among the users who did not open it and those who read it quickly thinking they did not have to do anything, only about 20% of their database answered. And as Charo said in his ‘e-mail’ that “if you want us to keep sending you news, we need you to click here”, suddenly and stroke it had ventilated 80% of its database.
Even lawyers agree that GDPR has created an open season among law professionals:
Samuel Parra, a lawyer specializing in the GDPR, is not surprised by anything: “We have seen it a lot lately: there are many law firms that have deceived companies , offered their services to adapt to the GDPR but then did nothing. the companies are the same as before, only that they think they are complying with a regulation that they do not really fulfill “.
These are not necessarily small firms: “One of the biggest in Spain has been offering GDPR services for a while when he has never been dedicated to that, and of course, you see what they are doing and it is badly done. To make money with these services and offer them even if they do not know how to give them, I have come to see companies putting measures that have been repealed for a long time , and the lawyers have charged them for that “.
Read the full article in Spanish, or read the translation in English.
