GDPR compliance not so costly for big firms


While the fines may be punitive and costly, the cost of becoming GDPR compliant may not be all that steep for large companies, at least according to a recent survey by the law firm Paul Hastings LLP.

Paul Hastings surveyed 100 general counsels and chief security officers at the FTSE 350 and 100 general counsels and chief security officers at the Fortune 500. The survey showed that the biggest allocation of GDPR budget compliance is technology related. According to the survey, the average technology budget set aside so far by FTSE firms is £430,000 and for their Fortune counterparts it is $1 million.

It was interesting to note that 17 percent and 22 percent in the UK and US, respectively, didn’t budget for third-party legal costs.

Additionally, the survey found that only 10 percent of firms in the UK and 9 percent in the US have actually made their purchases. “Our research shows that, while large businesses are taking GDPR compliance seriously, there remain worrying signs that they may be falling short in planning for implementation next May. £430,000 or $1 million may seem a large sum, but, for many larger and more complex companies, it reflects a small portion of the technology and other costs that ultimately may be required,” said Behnam Dayanim, partner and global co-chair of the privacy and cybersecurity practice at Paul Hastings.

The survey also found that those surveyed are budgeting for additional staff that would focus on the increased regulatory demands. When it comes to the FTSE, 40 percent have set aside a budget between £201,000 to £400,000 for permanent staff. That figure is 34 percent in the U.S. and they have planned from $501,000 to $1 million in cost for staff.

While fines for data breaches in the U.S. are typically in the hundreds of thousands of dollars, or in the low single million dollar range, it is possible to see fines much higher when it comes to GDPR. The regulation goes in effect in May 2018 and pertains to all businesses that manage or process data of EU citizens.

“The GDPR is high-stakes. The consequences of violation can be immense, both in terms of fines and in potentially crippling disruption of a business’s ability to exploit what in many instances is its most valuable asset,” said Dayanim.

While every year is interesting when it comes to tracking enterprise data breaches — 2018, after the GDPR goes into effect, will be especially so.


GDPR raising cybersecurity awareness among EU business leaders

GDPR in the public sector: A Rock and Roll listicle

2 new business processes key to GDPR compliance


Speak Your Mind


This site uses Akismet to reduce spam. Learn how your comment data is processed.