The Financial Times reported that Tech companies are already counting the cost of sweeping EU rules on data protection that will not be introduced until next year. A Financial Times survey revealed that the sector is scrambling to hire new staff and redesign products as it faces millions of dollars in higher costs and lost revenues. The FT contacted 20 of the largest social media, software, financial technology and internet companies with EU operations, about the bloc’s new General Data Protection Regulation. It comes into effect next May and will require businesses to adopt stricter standards for dealing with customer data. Facebook was one of three companies to say that initial compliance would cost several million dollars. Others said they faced having to hire extra staff and consultants to implement changes so that customers could delete information, or export it in a format compatible with rival services. Steve Durbin, Managing Director at the Information Security Forum [ISF] commented below.
Steve Durbin, Managing Director at the Information Security Forum [ISF]:
“The GDPR is the greatest shake up in privacy legislation that we have seen. It redefines the scope of EU data protection legislation and forces organisations, wherever in the world they are based, to comply with its requirements. Taking into account the overall cost of compliance, along with potential sanctions for non compliance which include fines of up to 4% of annual turnover, the GDPR will undoubtedly affect an organisations overall corporate risk profile. The proposed Data Protection Bill aligns organisations responsibilities with the expectations of individuals. It requires organisations to provide individuals with access to their personal data and then allow them to request that the data be corrected, moved to another service provider, or deleted altogether. This is key for the tech industry; regardless of potential cost, they must match the efforts of other industries to ensure the needs and wishes of its consumers are met.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.