One consequence is that each company must know, and document, what information (if any) they have about each individual. This may be a particular challenge for large, established corporations, since data about individuals may be spread across different business units and multiple databases, spreadsheets, offsite backup copies, and even paper archives. For some time, many companies have struggled to build a “unified view” of each of their customers, even though achieving this would facilitate cross-selling of products from different divisions. Now they will have a legal requirement to do so.
For start-ups and young companies, GDPR compliance may thus provide a temporary advantage over larger competitors. Having a relatively smaller number of customers, and having less complex databases, such companies should find the tracking of individuals’ information to be less of a challenge.