A new survey by the Financial Times has revealed that the tech sector is being hit hard by the forthcoming European Union General Data Regulations that are due to come into force on May 25, 2018.

As part of the survey, the Financial Times contacted 20 of the largest tech companies with EU operations (including social media, fintech, software and internet companies) and asked them about how they are getting on with compliance with the new General Data Protection Regulations.

Facebook  said that initial compliance with GDPR will cost in the region of several million dollars, with other companies saying that they faced costs such as having to hire extra staff and consultants to implement changes to make sure that they are compliant with new rules such as ensuring customers can delete information. For such big companies such as Facebook, although these costs are relatively minor in the grand scheme of things, GDPR could still end up being one of the most expensive piece of legislation ever to hit the sector.

“We have now assembled the largest cross-functional team in the history of the Facebook family of companies,” a spokesperson for Facebook said. “Dozens of people at Facebook Ireland are working full time on this effort. “Facebook Ireland’s data protection team will be growing by 250 per cent this year in order to support the GDPR . . . It is hard for us to put an exact figure on it, but when you take into account the time spent by our existing teams, the research and legal assessments and the fact that we have had to pull in teams from product and engineering, it is likely to be millions of dollars.”  

Many of these companies rely on monetised data, but the GDPR will radically change how this data can be collected, stored and deleted says Paul Jordan, European managing director at the International Association of Privacy Professionals. “Consumers are becoming increasingly sophisticated and wary of their privacy rights. At the heart of GDPR is consumer protection.”

Cloud companies will be particularly hit hard by the need to comply with the new European Union General Data Protection Regulations according to Duncan Brown, associate vice-president of European security at IDC. This is because until now, customer data has largely been the responsibility of data controllers (those that collect the info) rather than the data processors (those that service it).

“Cloud providers are severely impacted by this, because they are processing data for customers, whether they know it or not,” he said. “Until now, the nature of many cloud providers has been that they don’t want to know what data they have.”

Those companies that don’t comply with GDPR by May 25 2018 could see themselves being subject to some very large fines. Lesser incidents of non-compliance can be subject to a maximum fine of either €10 million (£7.9 million) or 2 per cent of an organisation’s global turnover (whichever is greater). More serious violations could result in fines of up to €20 million or 4 per cent of turnover (whichever is greater).