The promulgation of GDPR in 2018 has indeed pushed the envelope of digital strategy in general and privacy in particular. Companies are burdened with extra cost to stay in GDPR compliance. This has created a new GDPR / privacy compliance industry, the market size of which is still a guess. Our analysis values the GDPR compliance market at $384.9 billion.
The cost of GDPR compliance is fairly steep, and it is an operational, ongoing cost. Continuous compliance is rarely scalable without the right technological solution. Without the ability to scale, the total GDPR cost will only compound over time.
A new report from DataGrail, “The Cost of Continuous Compliance,” provides valuable benchmarking data on just how much organizations are spending, both in financial resources and in time, to keep up with the demands of continuous compliance. According to this DataGrail report, 74% of small- and mid-sized organizations spent more than $100,000. Notably, 20% spent more than $1 million. Only 6% of all organizations spent less than $50,000.
A Forbes report claims GDPR is costing US Fortune 500 companies $7.8 billion, while UK FTSE 350 companies spend $1.1 billion. On average, a Fortune 500 company spends a whopping $16 million. These estimates, however, do not include thousands of small and mid-size enterprises.
Such high costs of GDPR compliance arise essentially because, in the current state of the art, GDPR compliance requires manpower to design, implement and monitor GDPR’s privacy mandates on a continuous basis.
According to a pre-GDPR survey of 300 C-level security executives, 91% of the polled companies had to either hire a dedicated team or engage a third-party firm (63% and 28% respectively) for GDPR compliance.
Even prior to GDPR going into effect, 82% of companies already had a data privacy officer (DPO) on staff. Post-GDPR, that number is expected to approach 100%. In general, the more employees a business has, the bigger the compliance team. About 56% of the companies hired at least 6–10 new employees for GDPR compliance (37% hired >6 and 19% hired >10).
The extra staffing for GDPR privacy compliance is costly. 92% of those working at an enterprise (over 1,000 employees) expect GDPR compliance to cost their business over $50,000. About 44% of the companies spend more than $50,000, and about 10% spend over a million dollars.
The GDPR compliance costs are incurred under the following categories:
1. Hiring a Data Protection Officer
2. Record of Processing Activities (Inventory)
3. Gap assessment
4. Policies and procedures
5. Modify processes
6. Train employees
7. Monitor compliance
There may be additional legal costs, which in some cases may be as high as 40% of the total GDPR compliance budget.
GDPR Compliance Market Size
The statistics on hiring additional staff for GDPR compliance indicate that companies on average spend at least 75% of their total cloud computing budget on their compliance team. If companies globally spend $128.3 billion on maintaining their databases in the cloud, they obviously spend no less than 3 times their cloud budget on hiring staff to run those services in compliance with regulations, particularly GDPR. That places the GDPR / privacy compliance market at $384.9 billion.
GDPR Non-Compliance Costs
If GDPR compliance is costly, GDPR non-compliance isn’t any less distressing. GDPR penalties can reach up to 20 million euros or 4% of annual global revenues, whichever is greater.
Protecting the online rights of citizens is a serious business, and there’s no way around it if a business has a global presence. With more privacy regulations coming up in other jurisdictions, it’s going to get a lot more intense.