The real cost of new data protection laws

The Financial Times reported yesterday that technology companies are already counting the cost of the sweeping EU rules on data protection – like the impending EU General Data Protection Regulation – that will not be introduced until next year. Indeed, the report concludes that, ultimately, the tech sector is struggling to cope with the impending barrage of EU data protection laws.

A Financial Times survey revealed that the sector is scrambling to hire new staff and redesign products as it faces millions of dollars in higher costs and lost revenues.

The FT contacted 20 of the largest social media, software, financial technology and internet companies with EU operations, about the bloc’s new GDPR. It comes into effect next May and will require businesses to adopt stricter standards for dealing with customer data.

>See also: GDPR compliance: what organisations need to know

Facebook was one of three companies to say that initial compliance would cost several million dollars. Others said they faced having to hire extra staff and consultants to implement changes so that customers could delete information, or export it in a format compatible with rival services.

Commenting on this news, Steve Durbin – managing director of the Information Security Forum [ISF] – said that organisations could not underestimate the impact of GDPR.

It “is the greatest shake up in privacy legislation that we have seen. It redefines the scope of EU data protection legislation and forces organisations, wherever in the world they are based, to comply with its requirements. Taking into account the overall cost of compliance, along with potential sanctions for non compliance which include fines of up to 4% of annual turnover, the GDPR will undoubtedly affect an organisations overall corporate risk profile.”

>See also: Will the new Data Protection Bill reduce Brexit uncertainty?

He went on to explain that the “proposed Data Protection Bill aligns organisations responsibilities with the expectations of individuals. It requires organisations to provide individuals with access to their personal data and then allow them to request that the data be corrected, moved to another service provider, or deleted altogether. This is key for the tech industry; regardless of potential cost, they must match the efforts of other industries to ensure the needs and wishes of its consumers are met.”


The UK’s largest conference for tech leadershipTech Leaders Summit, returns on 14 September with 40+ top execs signed up to speak about the challenges and opportunities surrounding the most disruptive innovations facing the enterprise today. Secure your place at this prestigious summit by registering here

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...