This paper uses extensive firm-level data on European and US companies from 2014–2018 to explore the short-term impacts of the General Data Protection Regulation (GDPR) on European companies’ financial performance.
Our empirical analysis suggests that the costs of the GDPR during the first year of its implementation were substantial, at least for some European companies. The profit margins of the data-intensive firms increased, on average, by approximately 1.7 to 3.4 percentage points less than the profit margins of their US counterparts. The European data-intensive SMEs were the most disadvantaged group regarding their post-GDPR profit developments, while the large European data-intensive companies’ short-term post-GDPR profit margins dropped relatively less.
We do not find any statistically significant difference in the profit margin developments of the very large European and US companies. This finding is consistent with the view that the very large, multinational US companies that often have European customers and deal with the personal data of EU citizens also faced substantial costs when they needed to comply with the GDPR.