What it will cost loyalty marketers to become EU data law compliant
The EU data law is due to come into effect in December 2017. Between now and then, loyalty marketers will have to manage a heavy workload in implementing the necessary changes in order to be technically prepared.
Article by Dene Walsh, operations director of Verso Group.
For each company the cost of becoming General Data Protection Regulation (GDPR) compliant will vary, but there is no shortage of estimates designed to act as guidelines. However, 87 percent of companies surveyed are unable to calculate the budget that will be required, and 82 percent of the 506 companies asked said they are unaware of their current spending on existing compliance rules.
A sizable minority believe there are no financial implications of any kind in preparing for GDPR. A representative of the Information Commissioner's Office (ICO) said recently that there would be leeway for companies and other organisations that have made a recognisable attempt to be compliant but not succeeded. Token efforts would not count.
One responder to the survey predicted that becoming GDPR compliant would cost their company £5 million, and £1 million a year to maintain. The Ministry of Justice produced research of its own that concludes the cost to UK business could be as high as £320 million a year, and £2.1 billion over fourteen years. These sums are countered by the belief that a greater emphasis on compliance regulations will save between £42m and £124m in fines imposed by the ICO.
A report for the Information Commissioner's Office finds that appointing a data protection officer to oversee compliance will cost between £50,000 and £75,000 annually, and for UK businesses of all types a total of £229 million. For SMEs it could add £182 million to salaries, and for larger companies £47 million.
The EU itself predicts the cost to European business will be £580m, and there will be a £2bn administration saving for pan-European brands because multiple national data rules will no longer exist. This ignores the fact that regulatory authorities in each European country will have leeway to enforce and apply sanctions as they see fit, meaning marketers will still contend with different regulatory regimes with their own interpretations of the law.
Consumer-facing financial companies are estimated to have to pay between £100,000 and £500,000 to become compliant, but just as important is a failure to obtain the new higher level of opt-in consent from consumers, which will lead to losses of revenue running into tens of millions.
Other big data users, such as the utility, grocery, e-commerce and IT sectors, will also face major compliance challenges. The report claims charities and membership organisations may find fundraising impossible, and extra revenue will have to be found by them to cover a necessary increase in telemarketing.
In the data sector itself the Direct Marketing Association believes tighter regulations on consent could lead to a 50 percent fall in turnover for list brokers, and a similar drop in business for data cleaning services.
Data companies could face a one-off cost of £500,000 for system development in order to meet consumers' ‘right to be forgotten’ and subject access fees. Data portability will cost another £100,000 in system changes.
Digital advertisers still require clarification on how pseudonymous data will be treated within GDPR. If the law goes against their interests, the Internet Advertising Bureau believes there will be a £633 million a year loss in advertising revenue.
Most companies that employ 250 people or more, and those with more than 100,000 consumer data files, already have a job position focused on compliance. The cost to train them on GDPR will be £7,600.
Whatever the costs will really be, the cheapest way to tackle GDPR is to start preparing as soon as possible. The later it is left, the more expensive and disruptive it will be, and the 14 months in which to prepare will not be enough for some companies.
After December 2017 the ICO could come knocking at any time, plus members of the public may be given the right to claim damages for misuse of their information. A PPI-style claims bonanza is something loyalty marketers could do without.