Dark Reading is part of the Informa Tech Division of Informa PLC


5/31/2019
01:45 PM

GDPR's First-Year Impact by the Numbers

The latest statistics on GDPR spending, compliance rates, enforcement and consumer attitudes on privacy protection.
2 of 7

Enterprise Budgets Swell
One thing is certain: enterprises are funneling a lot of cash toward continued GDPR compliance efforts. Forbes reporting went so far as to call GDPR a "$9 billion business shakedown," with industry sources such as IAPP and EY also reporting the average spend per organization reaching about $3 million, with half of that coming this year and beyond. The spending was spread out among a range of categories, including internal people-hours, outside legal counsel, consulting, employee training, and new technology.

Many experts expect the long-term budgetary impacts of sustained GDPR compliance to linger. The sustained spending will be particularly heavy in US companies that may not have instituted certain privacy practices that were commonplace at European firms even prior to GDPR. According to IDC's Ryan O'Leary, the "maximum impact" spending on GDPR initiatives in the US is actually expected in 2020. Meanwhile, another survey conducted by Thomson Reuters at the end of last year found about 38% of compliance budgets were dedicated to GDPR.

Image: IAPP and EY

Comments
RyanSepe,
User Rank: Ninja
5/31/2019 | 3:08:59 PM
point of contention
I can understand the skepticism of EU citizens. If I were in that category, what I would love to see is a holistic listing of all companies that deal with EU citizen data. Of those companies, what are they bound to from a compliance standpoint? Essentially, if you create this as a high-level diagram, a citizen could truncate it down to businesses of interest and ensure that they are in line with consumer expectations.