GDPR compliancy costs to exceed $1M for many
Thursday, May 24, 2018
Richard Harris |
A new GDPR Survey from Netsparker says it's going to cost businesses on average of $1M to come into compliancy. The survey also found that over 80 percent of respondents feel GDPR is going to be a positive thing.
GDPR compliancy will cost businesses a pretty penny says the results of Netsparker's GDPR Survey. A survey of more than 300 C-level security executives, conducted online by Propeller Insights on behalf of Netsparker in March 2018, found that companies are taking the new General Data Protection Regulation (GDPR) much more seriously than HIPAA and PCI: 99 percent are actively involved in the process to become GDPR-compliant, despite the cost and internal reorganization involved.
GDPR is a new set of regulations the European Union (EU) has put in place to protect their citizens’ sensitive data from cybersecurity breaches. Under the terms of GDPR, strict conditions govern how organizations gather data and how it is managed. Organizations that fail to comply will face penalties. GDPR will go into effect May 25, 2018.
Companies seem to be taking GDPR very seriously. While many still aren’t PCI and HIPAA compliant, almost all (99 percent) of the security executives surveyed said their organizations are actively involved in the process to become GDPR-compliant.
In preparation for GDPR, 57 percent of companies are re-engineering internal systems and procedures, 55 percent are recruiting new people specifically to tackle GDPR compliance, and 48 percent are re-engineering internal security teams.
“People are taking GDPR seriously because of how many high-profile data breaches we have all witnessed in the last few years,” said Ferruh Mavituna, CEO of Netsparker. “In the past, blame for data breaches was shifted around from party to party. Was it the business? The individual? The government? GDPR removes the ambiguity. As of May 25, businesses are responsible for data breaches. As a result, companies will have to restructure how they handle data, and, if they don’t have a sound IT infrastructure, they will have to rebuild from the ground up. It’s heartening to see that so many companies are taking themselves to task.”
Although 82 percent of companies currently have a data privacy officer (DPO) on staff, 77 percent plan to hire a new, replacement DPO prior to GDPR going into effect. More than two-thirds (37 percent) of businesses have had to hire at least six new employees to achieve GDPR compliance, and almost 1 in 5 (19 percent) have had to hire at least 10.
Meanwhile, security executives working in healthcare and finance report the most resistance to GDPR:
Security executives expect the technology industry will be most affected by GDPR (53 percent), followed by:
The vast majority (82 percent) say GDPR will be a positive thing for third-party companies in e-commerce, because it will cause them to take security and privacy more seriously, including: better evaluating third-party contractors (36 percent), making sure business partners are GDPR- compliant (28 percent), and checking the location of all business partners with whom data is shared (22 percent).
GDPR is a new set of regulations the European Union (EU) has put in place to protect their citizens’ sensitive data from cybersecurity breaches. Under the terms of GDPR, strict conditions govern how organizations gather data and how it is managed. Organizations that fail to comply will face penalties. GDPR will go into effect May 25, 2018.
Companies seem to be taking GDPR very seriously. While many still aren’t PCI and HIPAA compliant, almost all (99 percent) of the security executives surveyed said their organizations are actively involved in the process to become GDPR-compliant.
- About half (49 percent) are 75 percent of the way through the process
- Another 37 percent are halfway there
- More than two-thirds (71 percent) are confident that they’ll be fully compliant by the May 25 deadline
- Only 2 percent say it’s unlikely that they’ll be ready
In preparation for GDPR, 57 percent of companies are re-engineering internal systems and procedures, 55 percent are recruiting new people specifically to tackle GDPR compliance, and 48 percent are re-engineering internal security teams.
“People are taking GDPR seriously because of how many high-profile data breaches we have all witnessed in the last few years,” said Ferruh Mavituna, CEO of Netsparker. “In the past, blame for data breaches was shifted around from party to party. Was it the business? The individual? The government? GDPR removes the ambiguity. As of May 25, businesses are responsible for data breaches. As a result, companies will have to restructure how they handle data, and, if they don’t have a sound IT infrastructure, they will have to rebuild from the ground up. It’s heartening to see that so many companies are taking themselves to task.”
GDPR Costs
The cost of GDPR is steep: while 80 percent of those in a micro company (1-9 employees) expect GDPR compliance to cost their business under $50,000, most (92 percent) of those working at an enterprise (more than 1,000 employees) expect GDPR compliance to cost their business over $50,000.
The GDPR Survey found that:
- 1 in 10 say GDPR compliance will cost their business less than $10,000
- About two-thirds (36 percent) will spend $50-100,000
- About a quarter (24 percent) will spend between $100,000 and $1 million
- 1 in 10 say GDPR compliance will cost their business more than $1 million
Although 82 percent of companies currently have a data privacy officer (DPO) on staff, 77 percent plan to hire a new, replacement DPO prior to GDPR going into effect. More than two-thirds (37 percent) of businesses have had to hire at least six new employees to achieve GDPR compliance, and almost 1 in 5 (19 percent) have had to hire at least 10.
- 14 percent of healthcare companies have only completed 25 percent of the GDPR compliance process, and 7 percent are unlikely to be GDPR-compliant by May 25
- 21 percent of finance companies have only completed 25 percent of the GDPR compliance process, and 3 percent haven’t even begun the process
Security executives expect the technology industry will be most affected by GDPR (53 percent), followed by:
- Online retailers: 45 percent
- Software companies: 44 percent
- Financial services: 37 percent
- Online services/SaaS: 34 percent
- Retail/CPG: 33 percent
The vast majority (82 percent) say GDPR will be a positive thing for third-party companies in e-commerce, because it will cause them to take security and privacy more seriously, including: better evaluating third-party contractors (36 percent), making sure business partners are GDPR- compliant (28 percent), and checking the location of all business partners with whom data is shared (22 percent).
Become a subscriber of App Developer Magazine for just $5.99 a month and take advantage of all these perks.
MEMBERS GET ACCESS TO
- - Exclusive content from leaders in the industry
- - Q&A articles from industry leaders
- - Tips and tricks from the most successful developers weekly
- - Monthly issues, including all 90+ back-issues since 2012
- - Event discounts and early-bird signups
- - Gain insight from top achievers in the app store
- - Learn what tools to use, what SDK's to use, and more
Subscribe here