A GDPR Cost Benefit Analysis

Shyft Network
Aug 28, 2019

It’s now been a little over one year since the European Union introduced the General Data Protection Regulation (GDPR) on May 25, 2018. The goal of this regulation was to give individuals more control over how their data is collected, stored, and used online.

The GDPR was introduced to protect the data of citizens and residents of the EU, and its application is not limited by the location of the organization. The regulation is global in reach. If an organization based inside or outside of the EU tracks, analyzes, collects, uses, and stores data of EU visitors through a company website, this organization will be subject to the provisions of the GDPR.

With the GDPR still in its infancy, I was delighted to find empirical evidence from which to attempt a cost/benefit analysis on its merits. Ernst & Young (EY), a global professional services firm, has estimated that GDPR compliance will cost Fortune 500 firms approximately $8 billion USD. Forbes published more granular GDPR stats and showed the average cost to a Fortune 500 company at a staggering $16 million USD, compared to costs to European counterparts of approximately $2 million USD. These compliance costs are being allocated to lawyers, consultants, staffing, and technology.

Consider the impact of the GDPR on some of the largest American companies doing business in Europe that have massive customer databases to contend with, like Apple, Google, Facebook, JP Morgan, Goldman Sachs, Netflix, Airbnb, Uber, Walmart and many more. All of these companies will spend millions of dollars dealing with GDPR compliance — and rightfully so.

In the wake of the Facebook/Cambridge Analytica fiasco and others, it has become abundantly clear that blind trust in a company’s morals and ethical compass is no longer sufficient for the protection of personal customer data, and that a regulatory framework like the GDPR is desperately needed to protect individuals around the world.

While the cost of compliance seems high, the cost of non-compliance is even higher. Those in non-compliance face a potential penalty of up to 4% of their global annual revenue, or 20 million Euros (approx. $30 million CDN), whichever is greater. Yes — those are staggering numbers! But if that’s what it takes for our data to be safe, I think those costs are worth it.

In 2017, when 7.2 million data records were being compromised daily, a study out of the Ponemon Institute put the global average cost of a breach at $141 per data record to resolve. In 2018, the number of compromised data records skyrocketed to approximately 25 million per day. With simple math, we can extrapolate that the annualized cost of data breaches now exceeds $1 trillion USD, and realize that the costs of GDPR compliance pale in comparison. Based on these stats, it is evident that organizations should be getting into compliance and educating themselves further on the GDPR guidelines. Let’s not wait for another costly breach or media firestorm to protect our organizations and our personal data.

This piece was written by Shyft Network International CEO, Bruce Silcoff.

***
Shyft is building the world’s first modern, secure, multi-stakeholder Blockchain-based trust network that enables KYC/AML attested data transfers. Join our Telegram (https://t.me/shyftnetwork), follow us on Twitter (https://twitter.com/shyftnetwork), GitHub (https://github.com/ShyftNetwork) and other channels found on https://www.shyft.network
