Post implementation, GDPR costs higher than expected
A Versasec survey examining the global impact of the General Data Protection Regulation (GDPR) nearly six months after its roll-out shows the privacy regulation costs more to implement than many had anticipated, and that non-EU companies are adopting similar regulations in anticipation of stronger customer privacy rules in their own locations.
Though the survey showed a generally positive response to GDPR a half year after its implementation, many respondents said their companies paid more than they had anticipated for compliance with the regulation (41 percent). Another 41 percent said they were successful in keeping their costs on budget, and 18 percent said it cost them less to implement than they had expected.
Respondents to the survey cited ensuring all employees comply with the rules as their biggest concern with GDPR in general (41 percent). 24 percent are worried about being assessed fines for non-compliance, and 19 percent say they are concerned about having to educate non-EU employees on the regulation. Surprisingly, just 16 percent feared losing revenues or customers due to GDPR.
In terms of complying with the new regulation, companies said their challenges centered around educating internal employees (27 percent), not having enough resources to complete the implementation (23 percent), communicating with customers (20 percent) and addressing technical issues in a timely manner (20 percent).
Despite more than half of the survey respondents saying their companies are based in the US and other non-EU countries, 70 percent of them said they are still working to comply with GDPR even though it is not required. About 50 percent noted that whether they have the rules or not in their countries, GDPR remains a good standard security practice.
30 percent also believe that more stringent privacy rules will likely be forthcoming across the globe. What’s more, nearly one in four respondents not currently under GDPR control feel adopting the regulations now will help them as they prepare their companies for expansion into Europe.
Even when costs were spot on, compliance was not easy for many of those polled, with 59 percent admitting their companies were not in full compliance by the May 25, 2018 GDPR deadline.