U.S. companies are projected to spend a total of $41.7bn to achieve compliance with the GDPR, according to new research.
The European Union’s General Data Protection Regulation (GDPR) is set to be enforced next week. It will bring with it heavy fines , up to 4% of global turnover or €20m, for companies serving customers from the EU, regardless of their place of incorporation.
The data is from research by GIGAcalculator.com also found that European Union companies themselves face costs around $240 billion to prepare for the new legislation.
However, both projections do not include ongoing costs to maintain compliance, including technical expenditures, payroll for specially appointed Data Protection Officers (DPOs) and other personnel, and the extra legal and accounting expenses.
Web Focus’ data is based on a set of surveys among CEOs, CIOs, CTOs, and risk officers of companies regarding their GDPR compliance costs combined with extrapolation based on US and EU business census data on number and size of active businesses.
“The worrying trend of crafting hugely expensive regulations with worryingly vague positive effects does not seem to be coming to a halt. For comparison, the cost of this legislation for the EU is about 4 times the nominal yearly GDP of Bulgaria, my home country (projected at $59bn for 2017), while for the majority of end-users the legislation will likely have the only effect of adding more friction in terms of consent checkboxes and paperwork,” said Georgi Georgiev, managing director of Web Focus, the company behind the research.
According to recent survey sponsored by international law firm McDermott Will & Emery, and carried out by the Ponemon Institute, many companies are behind schedule to achieve GDPR compliance.
The survey showed that 40% of companies expect to achieve compliance with the regulation after the deadline. The study surveyed companies across the US and Europe on their understanding of the impact of GDPR and their readiness for it. It found that 60% of respondents say GDPR will ‘significantly change’ their organisations’ workflows regarding the collection, use and protection of personal information.
Copyright © 2018 RegTech Analyst
Copyright © 2018 RegTech Analyst
