Thinking about making cuts to your compliance budget? Think again. With General Data Protection Regulation (GDPR) set to take effect in May 2018, regulators are waiting to make an example of any violator — to the tune of over US$20m in penalties. Now is the time to make sure your organisation is prepared to navigate the new compliance environment.
Companies are more concerned than ever about non-compliance risks, and rightly so. Yet most aren’t spending enough. There’s no doubt compliance costs are rising, and companies will have to expand their compliance budgets to make room for the extra measures that new regulations demand.
[Chart: Compliance costs on the rise, but non-compliance still far pricier. Source: Globalscape]
Is it worth it? Data says yes, and with GDPR on the horizon, even more so. The cost of non-compliance is nearly three times more than the cost to comply, according to a new report sponsored by software developer Globalscape.
Compliance pays
“Today, protecting data is a critical necessity, not a nice-to-have option — especially when breaches like Equifax become regular headlines,” says Peter Merkulov, chief technology officer at Globalscape.
While complying with data protection regulations is expensive, non-compliance will cost organisations much more. According to the report, data non-compliance expenses rose 45 percent from 2011 to 2017, costing organisations with poor protection plans an average of US$14.82m annually in non-compliance costs — which is 2.7 times the cost of compliance itself.
Costs associated with non-compliance can include business disruption, productivity loss, revenue loss and significant fines, penalties and settlements. Data protection regulations are increasingly complex in nature. “As data becomes more valuable, the risk of data breaches, data loss, cyberattacks and insider threats becomes a serious and urgent issue,” Merkulov says.
Lowering costs
Another takeaway from the study: companies can save money by spending more on core compliance activities such as audits, enabling technologies, training and expert staff. And by providing end users with guidance and the proper tools, chief risk officers can help ensure successful compliance with data protection regulations.
Looking ahead
Investing in compliance will be critical for companies in the year ahead. “As we move into 2018, we’ll see more instances where businesses are working hard to achieve compliance, especially after GDPR goes into effect in May. This investment will consist of money, time and resources,” says Merkulov.