To be honest, GDPR is a very dry topic; consequently, it’s received precious little publicity. However, the changes are important; they will affect your business, and they aren’t that far away.
The work I’ve been doing has convinced me that most advisers are underprepared for the changes themselves, the cost of complying and the need to get up to speed quickly. After all, the new rules will come into effect from 25th May 2018. If a deadline isn’t enough to spark you into action, higher fines, up to €20m or 4% of global turnover, will focus your mind.
How much will GDPR cost you?
That depends on a range of factors, including the size of your organisation, your internal resources and knowledge base, and your current systems and processes.
Compliance will certainly take an investment of time, capital, or more likely both. But it’s worth trying to expand on that with some approximate costings for a typical three-adviser firm with an internal administration team. The first thing you need to do is appoint someone in your team to take responsibility for ensuring your business complies with the new regulations.
While that won’t immediately hit your bank account, it will mean that individual is taken off other projects. The person responsible will probably need bringing up to speed with the new regulations. Your network or compliance support may offer training. If not, you’re looking at upwards of £2,000 for a classroom-based training programme. You then need to start the process of complying with the new rules, including, as a minimum:
- An audit of your existing data
- The building of new processes for collecting, storing, processing and disposing of data
- An exercise to get continued consent for sending marketing emails
- Internal training on the new regulations
Of course, you could do this work yourself. However, I’m a big believer in expert advice and ‘only doing what only you can do’. So, I’d bring in a consultant to help.
I’d suggest that a day a month, between now and May 2018, would be sufficient to comply. Day rates are currently around £450; higher in London. On top of the initial compliance piece, the new rules may well be the trigger to invest in a CRM system that not only helps you to store and process data effectively, but also helps you to prove that consent (to use a person’s data) has been requested and freely given.
There might be unforeseen costs too. Your consultant may find other issues with your current security measures, both electronic and physical, which will need to be addressed.
Start planning now
With the caveat that every business is different, the cost of complying for a typical advisory business could run as high as £10,000. There may well be some unforeseen costs too. That’s money that I’m sure you would prefer to spend elsewhere. But with the threat of larger fines, the cost of falling foul of the new rules will hit both your bank account and your reputation harder than complying ever will.