The financial penalties for non-compliance are significant. The requirement to know where all data is kept and be able to delete it when directed is non-negotiable. And supervisory authorities in Europe can initiate audits and suspend data transfers any time. The realities of the General Data Protection Regulation are beginning to set in for any company doing business in the European Union, as new laws governing data privacy will take effect on May 25, 2018.

If there is a silver lining in all of this, it may be that GDPR could well present a useful marketing opportunity. Despite strict requirements surrounding the care and handling of personal data for EU citizens, there is a portion of the rules that could result in a significant upside for companies seeking to build stronger ties with current and prospective customers. It’s called the double opt-in.

While fines and data requirements have been grabbing most of the media attention surrounding GDPR, the double opt-in has not received as much publicity. GDPR’s provisions require that companies can no longer just market to people who expressed “soft” interest in the past, through exchange of business cards or consent to receive periodic communications. Now, current and potential customers must specifically agree to receive continuous communications, and some companies are already moving to cultivate databases, obtain consent and “lock-in” a key pipeline of customer data and interest. Is there any better prospect than one who says, “Yes, send me more information”?

“Marketing is often helping [information technology] and legal departments fund GDPR efforts. We have a number of clients that, for the first time, are putting together a view of how they make money using data,” said Jay Cline (pictured, left), principal at PricewaterhouseCoopers LLP, or PwC.

Cline stopped by the set of theCUBE, SiliconANGLE’s mobile livestreaming studio, and spoke with co-hosts Dave Vellante (@dvellante) and Stu Miniman (@stu) during this week’s Veritas Vision conference in Las Vegas, Nevada. He was joined by Jane Allen (pictured, right), principal and partner at PwC, and they discussed opportunities to monetize data revealed by meeting requirements, limits imposed by GDPR, the need to tailor compliance based on business needs, and PwC clients’ longer-term view. (* Disclosure below.)

This week, theCUBE features Jay Cline and Jane Allen as our Guests of the Week.

View of hidden data

The process of obtaining a clearer and more complete picture of the data lake is leading PwC’s clients to discover information that many didn’t know they had. This offers the opportunity for many firms to find ways for responsibly monetizing this data, while staying within the privacy regulations of GDPR. And it is giving them an opportunity to reconnect with customers and potential clients as part of the re-permissioning campaign.

“If you have to go through this exercise to be compliant, but you get additional insights from your data and you know where to invest more for additional business opportunities, then hopefully you’re reaping more ROI off that effort,” Allen explained.

Thorough data analysis and obtaining direct consent to receive information is important for another reason. After the deadline for GDPR implementation passes in May, companies will no longer be able to market to anyone who has not provided the double opt-in consent.

“You’ve got to know a 360-degree view of all the personal data that you have of your employees, your consumers, your customers,” Cline said.

In preparation for GDPR, a number of companies have already developed new tools or made database adjustments for compliance. Rackspace Inc. recently rolled out a new Privacy and Data Protection Service that is built on a data encryption platform offered by Thales e-Security Inc. Google Inc. launched a new website that explains how a significant portion of its products, including Gmail, Cloud Platform and AdSense, are already compliant with the EU standards.

Microsoft Corp. announced in May that Azure cloud service customers will be compliant well before next spring and offered additional services, such as Office 365 Advanced Data Governance, to meet GDPR requirements. In addition, the company plans to release a “Risk and Compliance” dashboard that will show customers where they may be falling short.

“There’s no one right way of doing this. It depends on your business, your industry, your customer base, your geographic location, outreach and the data landscape,” Allen said.

Despite this activity, it remains an open question how prepared corporations will really be come next May. A Gartner report released only a year before the deadline predicted that more than 50 percent of GDPR-affected businesses will not be ready. And earlier this month, a survey of 1,600 organizations by WatchGuard Technologies found that 37 percent did not even know if GDPR applied to them.

Big gap in cloud awareness

The lag in compliance preparation may be due, in part, to the sheer complexity of enterprise infrastructures in today’s modern age. A Symantec threat report this year revealed that most CIOs thought they had 30 to 40 cloud applications, while the actual average is in excess of 900.

Companies with a big-time software as a service stack will be hard-pressed to pinpoint every data point, license or application. But that’s still what GDPR demands. “You’ve got to be able to produce evidence on demand that you have this level of control,” Cline said.

As the clock ticks toward next May, PwC’s executives have seen companies more willing to step back and consider ways to realize value from GDPR compliance demands, rather than to view it as one more tactical, pain relief project.

“It’s certainly something front and center, but it’s not a one-time, ‘let’s check the box and move on’ kind of exercise either,” Allen said. “Companies are thinking about their data and how they operate differently.”

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of Veritas Vision 2017. (* Disclosure: TheCUBE is a paid media partner for Veritas Vision 2017. Neither Veritas Technologies LLC nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE