GDPR, the EU’s new personal data regulation, arrived in May 2018, forever changing the way businesses are allowed to handle the data of EU citizens. A report from Ernst & Young expects GDPR compliance to cost the top 500 companies around the world a total of $7.8 billion, but that number could be even higher.
In this blog, we’ll unpack the expected and unexpected costs that are contributing to the total cost of GDPR across the globe.
The Expected Costs Of GDPR:
Auditing Your Data
Resources are committed to locating your data and sorting it into compliant and non-compliant information. Any non-compliant information is deleted. Obviously the scale of this task and the budget necessary to perform it vary greatly, depending on how much data your company gathers.
Adapting Your Processes For GDPR Compliance
Prior to GDPR, legislation was often vague or simply didn’t exist, giving companies almost free rein over how they captured an individual’s personal data. Now companies take steps to ensure their existing processes are GDPR compliant. There are 6 lawful bases that your company can use to gather data, which you can choose from depending on your area of work. This influences how you adapt your processes to ensure compliance.
Training Staff On New Compliant Processes
Once you’ve updated your processes, it takes time and money to train your staff to follow them. Your training materials need to be updated, and time that your staff would normally spend being productive and increasing company profits instead needs to be spent getting them up to speed on your new systems.
Even once your systems are GDPR friendly, ensure that the data being gathered is GDPR compliant. The penalties for failing to comply are great, amounting to either 20 million Euros or 4% of your company’s total global turnover of the preceding fiscal year, whichever is higher.
The Unexpected Costs Of GDPR:
The Increase Of SAR Data Requests Under GDPR
In their report, The Impact of Privacy on the Public Sector, Exonar warns that data requests will place an additional financial burden on companies due to the removal of Subject Access Request (SAR) related fees. An even greater burden is placed on companies that fail to timeously comply with SARs due to the penalties associated with delays.
Companies Choose To Exit The EU Market (one way or another)
Not everyone is jumping on board the GDPR bandwagon. Some companies outside of the EU have weighed up their options, decided that the cost of compliance is too great, and stopped offering services to EU citizens.
Other smaller EU companies have suffered even more. Some of these SMBs lack the resources to do a complete overhaul of their processes and have closed as a result.
How To Minimise The Impact Of GDPR On Your Organisation & Ensure Compliance
If your marketing business is looking to ensure its telemarketing and data systems are GDPR compliant, but you lack the expertise necessary to accomplish this, the right partner can help you out. GCL Direct is an agency that specialises in B2B lead generation through telemarketing and marketing data services. To find out more on how we can help you thrive under GDPR, contact us today.