Mixed reaction as to business benefits of GDPR
A survey from consulting firm PwC has found that there is a mixed reaction as to the benefits of GDPR.
Just over half of the roughly 100 respondents from businesses said that they see real business benefits emerging from GDPR compliance, but a sizeable proportion (49pc) still see no benefits arising, which PwC said was disappointing.
GDPR will be directly applicable in all EU member states from May 25. The EU-wide regime updates and overhauls European data protection law, and all companies that process the data of EU residents are obliged to comply with the new requirements.
Businesses or organisations could face fines of up to €20m or 4pc of annual global turnover for non-compliance.
Describing it as "concerning" that nearly one in two respondents still see no real benefits of GDPR, Pat Moran, PwC’s cyber leader, said that there are several benefits of being GDPR compliant.
"It is good responsible business practice to hold personal data with care, know why you have it and delete it if it is not needed," Mr Moran said.
"Not only will your organisation have a cleaner data set, being GDPR compliant will ensure personal data is protected and secure and will reduce the risk of a data breach and consequent possible reputational damage."
- Read more: Directors worried about data law cost
According to the survey, some of the most difficult aspects of preparing for GDPR compliance include awareness of the consequences, interpretation of some aspects of the rules, clarity around the requirements, and new software and additional training.
In addition, respondents pointed to a lack of clear direction and guidance.
On the other hand, benefits listed included reputation and good governance, enhanced security practices, and improved communication with customers.
Of those surveyed, four out of ten said that they have already invested up to €50,000 in relation to GDPR compliance, with a similar proportion saying that they have invested between €50,000 and €500,000.
"Getting ready for GDPR is essential and required by law. While it may also be a costly exercise, especially for many SMEs, penalties for non-compliance will be far greater," Mr Moran said.