There will be two kinds of companies at the end of 2018. The ones who look at GDPR regulations as a burden, and the ones that understand it for the business opportunity that it is.

US-based giants like Facebook have a burden mindset. Their business model and shareholder expectations have painted them into a corner manifested by their current lack of imagination.

Facebook plans to take on the time and expense of forking their platform, so they can minimally comply with GDPR only for E.U. users while the balance of the world (including the U.S. of course) will get the status quo*. “You’ve got fail!”

There will undoubtedly be nimble companies and new startups inside and outside the E.U. who will embrace the constraints of GDPR in the same way early innovators saw the added complexity of mobile design & development as a greenfield opportunity.

Constraints breed innovation. That’s why I think a so-called Privacy-first approach to business will be the next significant trend, much like the Mobile-first wave that came before it. Look out for headlines like, ‘5 things every UX Designer needs to know about a Privacy-first approach to user onboarding’. And that’s just the tip of the iceberg.

Smart folks realize that Privacy is a design principle. Let the “burdened” companies flounder and expect a new batch of creative players to emerge. They will lead with privacy as a core feature of their business model. Expect them to look at GDPR as an OK baseline. The real innovators will raise the bar even higher on their own accord as a means of competitive advantage.

These companies will, by default, deliver their Privacy-fist initiatives worldwide. They aren’t going to wait for the U.S. and other countries to catch up.


Update 08/13/2018: