How GDPR Compliance Can Save You Money

As January comes to a close, reality begins to sink in that 2017 is the final full calendar year in which to achieve GDPR compliance before the regulation applies from 25 May 2018. Industry surveys point to the same conclusion: preparations that have not begun yet need to begin now.

Even in 2017, most UK businesses are still unaware of how GDPR will affect them, which suggests that few have taken stock of how much money is at stake when an organization is non-compliant.

Some privacy professionals find it difficult to sway a C-suite that cares more about the bottom line than about privacy programs. For those without in-house privacy champions, it may be time to appeal to the organization's finance chief instead, with a case for how GDPR compliance saves money in the long term.

There are, of course, financial penalties for non-compliance: fines of up to €20M or 4% of a company's total worldwide annual turnover for the preceding financial year, whichever is higher. But it is the data breaches themselves that pose the most significant financial risk to an organization.

It is not just regulatory penalties that affect a business's profit margin; it is the additional capital that must be spent to repair the damage caused by a privacy or security breach: forensic investigation, notifying affected individuals and the supervisory authority, legal fees, and the customers lost in the aftermath.

These two arguments may be enough to persuade a CFO to prioritize data protection efforts. If the threat of a data breach or costly fines is not enough, one can add that it makes the most financial sense to build privacy into the fabric of an organization from the start, rather than trying to "rewire the whole house" when it is too late in the game to make a difference.

Getting early buy-in for a Privacy by Design approach can spare businesses the cost and inconvenience of removing or redesigning systems that do not comply with privacy regulations. Under GDPR this is no longer optional: Article 25 makes data protection by design and by default a legal obligation for controllers.

Another cost- and risk-saving tactic is to review an organization's privacy policies, privacy impact assessments (PIAs), data maps or inventories, and risk assessments side by side, in order to identify inconsistencies (data that is collected but not documented, retention periods that differ between policy and practice, flows that no assessment covers) and to determine who is responsible for resolving each of them.

"An up-to-date data inventory can also serve as the basis for a data disposal program that can dramatically reduce storage costs by identifying and eliminating all data that has no legal, regulatory, or business value," suggests Heidi Maher, Executive Director of the Compliance, Governance and Oversight Council (CGOC).

If GDPR readiness is a priority for your business, download our GDPR white paper to find out how OneTrust can help.