The GDPR impact on business practices is considerable, as is the cost of GDP compliance. A recent survey conducted by PwC revealed that 77% of large companies are expecting GDPR compliance to cost in excess of $1 million. Due to the considerable GDPR impact on business practices, many companies are already rethinking whether or not to continue doing business in Europe.
Many large multinational companies are well aware of the GDPR impact on business practices and the amount of work GDPR compliance will involve. That is not the case for SMEs, many of which are only just realizing they must comply with GDPR.
GDPR does not just apply to social media sites and global retailers. All businesses, regardless of their size, will be required to comply with the General Data Protection Regulation if they collect or process the personal information of EU citizens.
The definition of personal information is broad and includes online identifiers such as IP addresses. Even online retailers that allow EU citizens to access their websites are required to comply with GDPR.
All businesses will be required to perform a risk analysis to identify potential vulnerabilities to the confidentiality and integrity of stored data. Many large companies already have a swathe of cybersecurity protections to keep sensitive data secure, but most smaller organizations will discover they must implement more robust cybersecurity protections in order to comply with GDPR.
Companies will need to review their policies on data collection. When GDPR comes into effect, companies will need to have a valid reason for collecting personal information. Any data collected must also be limited to the minimum necessary information to perform the purpose for which data are collected.
Doing business in Europe will require privacy protections to be enhanced, new data security measures to be implemented, data collection practices to be changed, and policies and procedures to be updated. Legal teams must then assess GDPR compliance.
The GDPR impact on business practices is likely to be considerable for many companies. The time taken to perform risk analyses, assess policies and procedures, find and implement security solutions and update privacy policies will be considerable. Leaving GDPR compliance to the last minute is likely to see the deadline missed. That could prove to be very costly or even catastrophic for many businesses. Failure to comply with GDPR regulations can result in a fine of €20 million or 4% of global revenue, whichever is the greater. Non-compliance simply isn’t an option.