by GDPR Associates | 2nd September 2015 12:25 pm
The EU data law is due to come into effect in December 2017, and between now and then customer-focused companies face the greatest workloads and highest costs in compliance preparation.
The cost of becoming General Data Protection Regulation (GDPR) compliant will vary, but there is no shortage of estimates designed to act as guidelines. However, 87% of companies surveyed are unable to calculate the budget that will be required, and 82% of the 506 companies asked said they are unaware of their current spending on existing compliance rules.
A sizeable minority believe there are no financial implications of any kind in preparing for GDPR. A representative of the Information Commissioner's Office (ICO) said recently that there would be leeway for companies and other organisations that have made a recognisable attempt to be compliant but have not succeeded. Token efforts would not count.
One responder to the survey predicted that GDPR would cost their company £5 million to become compliant, and £1 million a year to maintain it. The Ministry of Justice produced research of its own that concludes the cost to UK business could be as high as £320 million a year, and £2.1 billion over fourteen years. These sums are countered by the belief that a greater emphasis on compliance regulations will save between £42m and £124m in fines imposed by the ICO.
A report for the Information Commissioner's Office finds that appointing a data protection officer to oversee compliance will cost between £50,000 and £75,000 annually, and for UK businesses of all types a total of £229 million. For SMEs it could add £182 million to salaries, and for larger companies £47 million.
The EU itself predicts the cost to European business will be £580m, and there will be a £2bn administration saving for pan-European brands because multiple national data rules will no longer exist. This ignores the fact that regulatory authorities in each European country will have leeway to enforce and apply sanctions as they see fit, meaning marketers will still contend with different regulatory regimes with their own interpretations of the law.
Consumer-facing financial companies are estimated to have to pay between £100,000 and £500,000 to become compliant, but just as important is the revenue lost through a failure to obtain the new higher level of opt-in consent from consumers, which will run into tens of millions.
Other Big Data users, such as the utility, grocery and IT sectors, will also face major compliance challenges. The report claims charities and membership organisations may find fundraising impossible, and extra revenue will have to be found by them to cover a necessary increase in telemarketing.
In the data sector itself the Direct Marketing Association believes tighter regulations on consent could lead to a 50% fall in turnover for list brokers, and a similar drop in business for data cleaning services.
Data companies could face a one-off cost of £500,000 for system development in order to meet consumers' 'right to be forgotten' and subject access fees. Data portability will cost another £100,000 in system changes.
Digital advertisers still require clarification on how pseudonymous data will be treated within GDPR. If the law goes against their interests, the Internet Advertising Bureau believes there will be a £633 million a year loss in advertising revenue.
Most companies that employ 250 people or more, and those with more than 100,000 consumer data files, already have a job position focused on compliance. The cost to train them on GDPR will be £7,600.
Whatever the costs will be for individual companies, the cheapest way to tackle GDPR is to start preparing as soon as possible. The later it is left, the more expensive and disruptive it will be, and the time available in which to prepare will already not be enough for some large consumer-facing companies that are heavily reliant on marketing databases.
After December 2017 the ICO could come knocking at any time, and members of the public may be given the right to claim damages for misuse of their information. A PPI-style claims bonanza is something all companies could do without.
Source URL: https://www.gdpr.associates/cost-eu-data-law-compliant/