In our July 12th blog post we shared the compliance status of 600 US, UK and other EU respondents. We also reported that 68% of the respondents have spent more than six figures already on GDPR compliance and that 67% expect to spend an additional six figures by the end of 2018. The research showed us that becoming GDPR compliant is an expensive endeavor.
But did the 600 companies surveyed devote those large GDPR budgets due to the fear of heavy GDPR regulatory fines and litigation costs? Key findings from the research show that not to be the case. For the US, UK and EU respondents, the most important reasons they cited for becoming GDPR compliant were to meet customer and partner expectations and to support their company values. Avoiding fines or lawsuits as a motivating factor was roughly equal to the need to meet company internal reporting requirements, in fourth position in the ranking.
Even when comparing the responses of legal department respondents with those of information technology respondents, both groups ranked meeting customer expectations and supporting company values as their two top reasons for investing in GDPR. For legal respondents, the #1 motivation was supporting company values, while for IT respondents, the top motivation was meeting customer expectations. IT respondents were a bit more concerned about GDPR fines (at 43%) than were legal respondents (at 34%).
The above rankings of priorities appear to have been thoughtfully considered at the highest levels of the respondents’ companies. Indeed, the research showed that the overwhelming majority of the respondents currently report on GDPR compliance to their company’s board of directors or executive management team.
GDPR compliance has commanded significant budgets and executive-level attention at the companies we surveyed, all with the primary goals of meeting the expectations of the companies’ customers and partners and maintaining the companies’ reputations.