The General Data Protection Regulation (GDPR) has taken four years of negotiations and debates, and the finalised legislation will come into place on 25th May 2018. As a business, the topic on everyone’s mind is how much is GDPR going to cost me? Looking at the cost vs gain of implementation, we have outlined what you could lose for non-compliance against what you can gain from being prepared for the EU’s newest law.
The most obvious way to be financially affected by the GDPR is through non-compliance. As it stands in Paragraph Five of Article 83 in the GDPR official document, the cost for breaching any of the legislation is a maximum of €20 million or 4% of the total worldwide annual turnover of the preceding financial year; whichever is higher.
While it is not currently known how high the actual fines for breaches will be, it is assumed that the initial infractions will set a precedent for continued charges. It is highly likely that the EU will impose high penalties to present a clear fight against non-compliance.
In the UK, the highest recorded fine for a data breach was given to the telecommunications company Talk Talk. Talk Talk were fined for a breach exposing over 150,000 customers' names, addresses, dates of birth, phone numbers and email addresses, as well as thousands of customers' bank details and sort codes. In this instance, the cost for the telecommunications company was £400,000.
While the intended scale of breach penalties is not currently known, starting the legislation with a strong message of control seems to be the aim of the GDPR regulators.
Impact of reputation
While a data breach is considered the highest financial impact of non-compliance with GDPR, it is essential also to consider the cost impact of a bad reputation. With modern technology, customer-affecting incidents rarely stay out of the news. While all eyes will be on the implementation of GDPR, it will not take long to discover which companies are not complying from the outset.
With regard to the Talk Talk breach mentioned earlier, it is estimated that they lost 101,000 customers and suffered non-fine-related costs of £60 million. Despite the violation happening in 2016, the company is still considered inferior to its competition, with a considerable amount of that falling to customers' trust. It can take a long time for companies to earn trust and just seconds to cause irreparable or long-term damage.
The financial gain of GDPR
While many businesses are worried about the initial costs in terms of time, resources, equipment and training, it is always important to remember the financial benefit that can be reaped from a well set up, well maintained and in-house regulated policy.
Many international companies invest considerable funding in country-specific officers in charge of monitoring the company's data protection and liaising with government officials to ensure they are regularly updating and monitoring accordingly. Having an EU-wide policy will enable organisations to have fewer staff working on the data protection side, as there is now only one regulation for all. This opens up opportunities for companies to deploy personnel to excel in other aspects of the business.
Having one firm piece of legislation that applies to all companies also means that the cost of training new employees will be reduced, as organisations can set up one business-wide GDPR training system.
It may be assumed that jobs will be lost through the reduced need for country-appointed government liaisons. However, employees with this background and understanding can successfully be deployed in a data protection officer (DPO) or monitoring role. These members of staff are the subject matter experts (SMEs) and the trainers who can reduce the cost of training new employees on the differences between the old and new legislation and how they affect the business in-house.
As previously discussed, the negative impacts on reputation are critical contenders in the cost element of GDPR; however, positive reputational results are essential to consider when looking to reap financial gain. Customers are going to be using their research to find out which companies they can trust, and this will be reflected in the publication of data protection procedures and how prepared a company is to comply.
For your business, you can show your customers and prospects that their trust and your compliance are at the top of your priorities. Ensuring there is a clear outline, readily available to customers, highlighting how you as a business intend not only to comply with GDPR standards but also to keep your customers well informed and protected will help boost the company's reputation in comparison to competitors.
Reap the rewards today
As GDPR comes into force on 25th May 2018, there is no time to waste. It is important to ensure you are prepared well in advance and have spent enough time broadening your knowledge of the topic to ensure there are no nasty surprises. To make sure you are ready, get in touch with the experts at Cyan Solutions today to provide your business with the tools you need to see the benefits of GDPR.