Six months in – GDPR Costs Exceeded Expectations
Just about six months after the implementation of the EU’s General Data Protection Regulation, we polled companies both in Europe and beyond to learn how the GDPR is impacting them. Among the most important findings: many companies paid more than they’d anticipated; many non-EU companies are putting similar regulations in place in the belief that similar regulations are coming in their countries; and educating users about remaining in compliance is a major concern.
We conducted the survey with Survey Monkey this fall. The survey showed a generally positive response to GDPR, but only about two in three companies said they’d paid about what they expected or less than expected to implement the regulations, which went into effect in May 2018.
About a quarter of respondents said they remain worried that they’ll be assessed fines for non-compliance, but only about 16 percent said they feared they’d lose customers or revenues due to the more stringent privacy rules.
Though the survey showed a generally positive response to GDPR a half year after its implementation, many respondents said their companies paid more than they had anticipated for compliance with the regulation (41 percent). Another 41 percent said they were successful in keeping their costs on budget, and 18 percent said it cost them less to implement than they had expected.
Respondents to the survey, conducted by Survey Monkey for smart card management system leader Versasec, cited ensuring all employees comply with the rules as their biggest concern with GDPR in general (41 percent). 24 percent are worried about being assessed fines for non-compliance, and 19 percent say they are concerned about having to educate non-EU employees on the regulation. Surprisingly, just 16 percent feared losing revenues or customers due to GDPR.
In terms of complying with the new regulation, companies said their challenges centered around educating internal employees (27 percent), not having enough resources to complete the implementation (23 percent), communicating with customers (20 percent) and addressing technical issues in a timely manner (20 percent).
Despite more than half of the survey respondents saying their companies are based in the US and other non-EU countries, 70 percent of them said they are still working to comply with GDPR even though it is not required. About 50 percent noted that whether they have the rules or not in their countries, GDPR remains a good standard security practice. 30 percent also believe that more stringent privacy rules will likely be forthcoming across the globe. What’s more, nearly one in four respondents not currently under GDPR control feel adopting the regulations now will help them as they prepare their companies for expansion into Europe.
Even when costs were spot on, compliance was not easy for many of those polled, with 59 percent admitting their companies were not in full compliance by the May 25, 2018 GDPR deadline.
View our press release about the survey results here: https://versasec.com/docs/2018.11.05-GDPR-Survey.php
By Joakim Thorén, CEO Versasec