Legal tech firm Axiom reported that its research had shown that FTSE 100 and Fortune 500 companies could end up paying around £800 million to scrutinise contracts in order to ensure compliance with the General Data Protection Regulation (GDPR). This is obviously a large amount of expenditure, and one that many companies are still in the process of planning for.
Of course, preparing for the introduction of GDPR, in May 2018, will not cost every business, organisation or company that amount of money. Costs very much depend on what processes are currently in place, and what scale and scope of personal data a company deals with.
What are the Considerations When it Comes to Cost?
One of the biggest costs for any company is likely to be auditing the data that it currently holds, to make sure that it complies with GDPR rules. Depending on the amount of data involved, this could be a significantly costly exercise in terms of manpower. Businesses with more than 250 employees will also face the cost of hiring or training a data protection officer (DPO), if there is not already one in place. This is a stipulation of GDPR.
The Cost of Non-Compliance
However high the cost of complying with GDPR might seem, the cost of non-compliance could be significantly higher. There will be a system of fines in place, including a maximum potential fine of 20 million Euros, or 4% of annual turnover, whichever is higher. There is also the cost of damage to reputation to consider. Any company which suffers a data security breach is at risk of experiencing this type of reputational damage.
The fact is that any company which is wary of investing in GDPR compliance, or tries to cut corners, is at risk of encountering far higher costs as a result of non-compliance.