Commentary

The Million-Dollar Tab: Firms Sink Money Into GDPR Compliance

Forget all that talk about companies ignoring the EU’s General Data Protection Regulation (GDPR). On the contrary, they are spending large sums to comply with GDPR and with the EU’s ePrivacy directive, according to a study by Forrester, sponsored by Evidon, a provider of compliance services.

Of 263 firms surveyed -- all of which are active in Europe -- 48% have set an initial establishing budget of over $1 million, and 58% will devote that much to annual maintenance. And 67% expect those budgets to go up.

In addition, 72% have been preparing for GDPR a year or more, and 57% have been preparing for ePrivacy. And the result is that 39% have a digital governance strategy in place, and 35% expect to have one by next May, when GDPR takes effect.

But they expect benefits from these efforts, including improved customer satisfaction (35%), increased customer loyalty (34%) and improved brand perception (32%). In most cases, the techies will be mostly responsible at first, but that will spread out to the entire firm. 


As for spending, 15% have an initial budget of more than $5 million, and 27% will spend that total on annual maintenance. At the lower end, 24% will spend $500,000 or less on setting up and 10% on maintenance.

But this isn’t about money spent on technology: Many firms expect their corporate cultures will change. 

For 48%, the biggest shift will be more emphasis on privacy by design. And 36% expect that their cultures will now be organized around privacy.

In addition, 40% foresee a more disciplined approach to the marketing stack, and they also plan to be more diligent with vendors. 

Of those polled, 65% will audit vendors to ensure compliance, 64% will implement processes to gain visibility into third-party practices, and 60% say they will stop working with vendors that fail to demonstrate compliance.

That said, many are worried about their ability to protect privacy and provide meaningful customer experiences. It starts with balancing compliance with customer needs.

They cite the following challenges:

  • Ability to balance compliance with exceptional customer experiences — 39% 
  • Documenting compliance strategies on an ongoing basis — 36%
  • Managing third-party risk — 34%
  • Ensuring that business leaders understand the limitations on data use — 33% 
  • Monitoring activities on our digital assets to ensure compliance — 33%
  • Maintaining privacy and data communication with users in a way that enhances their experience with the organization — 32%
  • Aligning data privacy metrics with business objectives — 30%

Forrester and Evidon offer these suggestions:

  • Create a cross-functional privacy working group
  • Adopt privacy by design
  • Make privacy a corporate social responsibility
  • Create great experiences around consent and preference

 Forrester surveyed executives in the U.S., UK, France and Germany. 

 

 
