• by Laurie Sullivan  @lauriesullivan, April 11, 2018

New numbers out Wednesday on the cost for companies to implement the European Union’s General Data Protection Requirements (GDPR) compliance vary widely, depending on the industry and the number of employees.

While 80% of companies with between 1 and 9 employees expect compliance to cost their business under $50,000, 92% of those working at an enterprise of more than 1,000 employees expect GDPR compliance to cost their business more than $50,000.

Netsparker, a web security platform, on Wednesday released the results of a survey focused on GDPR, which is set to take effect May 25.

The survey of more than 300 C-level security executives -- conducted online by Propeller Insights on behalf of Netsparker in March 2018 -- found that 99% take GDPR much more seriously than HIPAA and PCI, despite the cost and internal reorganization involved.

GDPR aims to protect the European Union citizens' sensitive data from cybersecurity breaches using strict conditions on how organizations gather data and how it is managed.  

One in 10 said GDPR compliance will cost their business less than $10,000; about 36% said they will spend between $50,000 and $100,000; and 24% said their company will spend between $100,000 and $1 million. About 1 in 10 said GDPR compliance will cost their business more than $1 million.

Although 82% of companies currently have a data privacy officer (DPO) on staff, 77% plan to hire a new replacement before GDPR goes into effect. About 37% of businesses had to hire at least six new employees to achieve GDPR compliance, and nearly 1 in 5 had to hire at least 10 employees.

All those new employees are helping to achieve compliance as the deadline looms. Of those implementing GDPR compliance, 49% of companies are 75% of the way through the process, and 37% are halfway there. About 70% said they are confident that they will be fully compliant by the deadline, and only 2% said it’s unlikely that they’ll be ready in time.

In preparation for GDPR, 57% said their company re-engineered internal systems and procedures, 55% recruited new people to tackle compliance, and 48% re-engineered internal security teams.

Those working in healthcare and finance report seeing the most challenges to implementing GDPR compliance. Some 14T% of healthcare companies have only completed 25% of the GDPR process, and 7% are unlikely to be GDPR-compliant by May 25. Then another 21% of finance companies have only completed 25% of the GDPR compliance process, and 3% haven’t even begun the process

Security executives expect the technology industry at 53% will see the greatest impact, followed by online retailers at 45%, software at 44%, financial services at 37%, online services such as software as a service at 34%, and retail and consumer products goods at 33%.