Compliance may cost companies millions, but non-compliance costs even more
The European Union's General Data Protection Regulation (GDPR) is not the only set of regulations companies need to juggle, although for 90% of companies it will be the most difficult compliance standard to meet, according to a Ponemon Institute benchmark study. Half of companies also ranked individual U.S. state laws and PCI DSS among the most difficult regulations to comply with.
But compliance is more cost effective for companies than non-compliance, according to the survey of IT leaders in functional roles. Compliance costs, meaning the cost of meeting or maintaining compliance standards, average around $5.47 million per company, while non-compliance costs, including fines, business disruption and lost productivity and revenue, average around $14.82 million.
Organization is important, and centralized data governance can save a company around $3 million in compliance costs, according to the study.
Regulations in the U.S. alone can be difficult for a company to keep up with, and multinational companies have even more rules to follow. Many IT leaders are finding international red tape is causing "digital fragmentation" and heavy business costs.
The upcoming GDPR is expected to be especially impactful given its international scope and heavy fines, and for companies there is no clear path to compliance. Data processors and controllers will soon be responsible for knowing which individuals the data they hold relates to, and accountable to those individuals for newly codified data rights.
An effective security posture is critical for companies chasing compliance, but adapting to a changing workforce and new technologies means compliance will always be an ongoing process.
Follow Alex Hickey on Twitter