The true cost of GDPR

The EU’s General Data Protection Regulation (GDPR) is set to cost FTSE 100 and Fortune 500 companies in the region of £800 million in contract analysis alone, according to research released today by Axiom, the legal tech firm.

Millions of contracts will need to be reviewed ahead of the May 2018 implementation date, and over 95% of companies still don’t know how many contracts need to be reviewed in order to comply with GDPR.

To compensate for this, Axiom has released a solution that leverages artificial intelligence and data privacy expertise to address this vast readiness gap.

>See also: GDPR: Compliance to commitment

The new GDPR contracts compliance solution uniquely combines deep data privacy expertise with artificial intelligence technology to analyse contracts, and includes an integrated/auditable workflow management system and scalable legal resourcing.

“GDPR has significant new and updated requirements of contracts governing the transfer of data; even current contracts with robust data protection language will be rendered non-compliant. The GDPR contracts compliance solution announced today will drive down the cost of finding, understanding and remediating these contracts at scale,” said Mathew Keshav Lewis, co-head of Axiom’s Global Banking and Regulatory Practice. “Axiom’s solution has been adopted by some of the largest firms in the world to address the impending regulatory deadline.”

As regulatory response experts with considerable experience working with the world’s leading companies on contract remediation, Axiom estimates that global firms still have millions of contracts that need to be identified and remediated by May 2018, at a cost of over £800 million (more than $1.06 billion).

>See also: GDPR compliance: what organisations need to know

In discussions with more than 100 companies from the Fortune 500 and FTSE 100 about GDPR contracts compliance, Axiom found the vast majority had not yet begun to calculate the scope of their potential contract remediation work. Less than 5% knew how many contracts would need to be addressed in order to comply with the regulation, which intends to strengthen and unify data protection for all citizens of the European Union.

“In tackling GDPR, the focus of most companies to date has been on large-scale technology issues and adapting systems to meet the new requirements,” said Lewis. “With just six months until the deadline, clients need to turn their attention to the millions of contracts between controllers and processors – they need to be found, understood and in many cases, renegotiated. There is a material compliance risk and huge fines for companies that don’t meet the deadline. The sheer volume of work means clients need smarter ways to reduce the cost and complexity of compliance.”


The Women in IT Awards is the technology world’s most prominent and influential diversity program. On 22 March 2018, the event will come to the US for the first time, taking place in one of the world’s most prominent business cities: New York. Nominations are now open for the Women in IT USA Awards 2018. Click here to nominate

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...

Related Topics