A list of “costs and unintended consequences” of GDPR after one year:
Compliance costs are astronomical
Prior to GDPR going into effect, it was estimated that total GDPR compliance costs for US firms with more than 500 employees “could reach $150 billion.” (Fortune)
Another estimate from the same time said 75,000 Data Protection Officers would need to be hired for compliance. (IAPP)
As of March 20, 2019, 1,129 US news sites are still unavailable in the EU due to GDPR. (Joseph O’Connor)
Microsoft had 1,600 engineers working on compliance. (Microsoft)
During a Senate hearing, Keith Enright, Google’s chief privacy officer, estimated that the company spent “hundreds of years of human time” to comply with the new privacy rules (Quartz)
However, French authorities ultimately decided Google’s compliance efforts were insufficient: “France fines Google nearly $57 million for first major violation of new European privacy regime” (The Washington Post)
“About 220,000 name tags will be removed in Vienna by the end of [2018], the city’s housing authority said. Officials fear that they could otherwise be fined up to $23 million, or about $1,150 per name.” (The Washington Post)
Other reports claim that GDPR does not require removing name tags from buildings, but it is telling that ambiguity in the law caused the Vienna housing authority to believe it did (derStandard)
GDPR After One Year: Costs and Unintended Consequences (via Marginal Revolution)
Does anyone feel better protected?