The survey reveals that the biggest allocation of budget set aside so far to comply with GDPR is for technology. The mean technology budget set aside for FTSE firms is £430,000 and for their Fortune counterparts it is $1 million. Despite these large sums of money being allocated, the research by law firm Paul Hastings revealed only 10 per cent of firms in the UK and nine per cent in the US have currently purchased new technology, meaning many firms have yet to start this potentially lengthy process.
Behnam Dayanim, partner and global co-chair of the Privacy and Cybersecurity practice at Paul Hastings said: 'Our research shows that, while large businesses are taking GDPR compliance seriously, there remain worrying signs that they may be falling short in planning for implementation next May. £430,000 or $1 million may seem a large sum, but, for many larger and more complex companies, it reflects a small portion of the technology and other costs that ultimately may be required.
The EU’s General Data Protection Regulation (GDPR) is coming into force in May 2018 and will affect any business which controls or processes the data of EU citizens, regardless of where the business is located. As part of the wide-reaching regulation, businesses can be fined up to four per cent of global turnover should they fail to comply with GDPR. Surprisingly, 17 per cent and 22 per cent in the UK and US, respectively, said there was no budget for third party legal support, something which will be important for businesses before and after GDPR is introduced.
Firms are also setting aside budget for additional permanent staff to meet regulatory demands. Of the FTSE firms surveyed, 40 per cent have set aside a budget of between £201,000 - £400,000 for additional permanent staff, and in the US 34 per cent have allocated between $501,000 and $1 million.