The California Consumer Privacy Act (CCPA) went into force this week, but enforcement will be delayed for six months. “We’re going to help folks understand our interpretation of the law,” said California Attorney General Xavier Becerra. “And once we’ve done those things, our job is to make sure there’s compliance, so we’ll enforce.”
“CCPA marks an important step toward providing people with more robust control over their data in the United States,” wrote Microsoft’s Chief Privacy Officer Julie Brill. “It also shows that we can make progress to strengthen privacy protections in this country at the state level even when Congress can’t or won’t act.”
CCPA requires firms to be transparent in how they collect and use consumer data. Individuals also have the option to block sales of personal data. However, “Exactly what will be required under CCPA to accomplish these goals is still developing,” wrote Brill.
Microsoft supports a national privacy law which cover “more robust accountability requirements” including minimizing data collection, transparency around how data is being used, and “making them more responsible for analyzing and improving data systems to ensure that they use personal data appropriately.”
Facebook is hedging, saying “we do not sell people’s data” without acknowledging that its business is based on monetizing member data and that it has a poor history of controlling partner data collection on its platform.
Salesforce CEO Marc Benioff called Facebook the “new cigarettes for our society,” which undermines societal trust. On CNN’s Reliable Sources, Benioff called for Facebook to be regulated or split up. “They’re certainly not exactly about truth in advertising. Even they have said that. That’s why we’re really in squarely a crisis of trust, when the core vendor themselves cannot say that trust is our most important value. Look, we’re at a moment in time where each one of us in every company has to ask a question: What is our highest value?”
“I expect a fundamental reconceptualization of what Facebook’s role is in the world,” continued Benioff. “When you have an entity that large with that much potential impact, and not fundamentally doing good things to improve the state of the world, well, then I think everyone is going to have it in its crosshairs.”
Artesian Solutions, the UK Sales Intelligence vendor, has been teasing its Artesian Risk and Compliance Hub (ARCH) compliance service for over a year. The new offering, now Generally Available, “enables relationship managers, underwriters and frontline teams within banks, insurance companies, and other financially regulated industries to quickly assess and better understand their corporate clients at the start of the customer journey and throughout the life of the customer.”
Financial services generally perform KYC / AML (Know Your Customer / Anti-Money Laundering) processing during onboarding, but ARCH moves initial processing to frontline staff at the top of the sales funnel before a client is signed. This “distributed compliance,” helps expedite the process, sets client expectations when processing may take longer than normal, and allows relationship managers to avoid prospects that will have arduous compliance processing or which may not meet the institution’s “appetite.”
flags risks which may require additional information from the client. By
flagging them at the outset, the RM can request the missing data before it delays
ARCH performs event-driven reviews which begin before onboarding and continue through the life of the loan or policy. Thus, KYC is no longer subject to periodic reviews but is performed dynamically as new information about the client is ingested by ARCH. Instead of client reviews determined by the calendar, events can trigger full client reviews as needed.
ARCH supports commercial insurance policy writing “with a combination of data and sophisticated rules, bringing efficiency, consistency, and accuracy so that underwriters can focus on underwriting. Decisions can be recorded whilst both justified in the future and used for decision analysis and pricing optimisation.” Artesian’s fine-grained taxonomy and assisted machine learning help to identify potential underwriting risks “according to the predetermined definitions of an insurer.”
moving compliance reviews to front-line workers, commercial insurers can
perform a KYC check and risk evaluation prior to quoting a policy. “One
reason for using it is that they might want to look at what gets declared to
them by the new customer compared to what they can see from ARCH,” said
Artesian VP of Risk Solutions Matt Elsom. “To do that they can have a
look at some of the fraud-focused data sources and financial data.”
survey by Fenergo of global financial services executives found that poor
onboarding negatively impacts client experience and reduces the lifetime value
(LTV) of clients. 36% acknowledged losing customers due to onboarding
issues and 84% tied the onboarding experience to reduced LTV.
Figure 2: “The Cost of Poor CX,” Fenergo, January 2019. N=250 global Financial Services executives (Source: Artesian Solutions)
noted that KYC compliance team workloads have “grown beyond all expectations”
due to the availability of international ownership linkages and ultimate
beneficial ownership data. “The overall effect of this is an MLRO [Money
Laundering Reporting Officer] and board being put under pressure to reduce
onboarding delays whilst maintaining adherence to regulation – and the only
effective solution has been to recruit more compliance analysts. The cost
associated with this approach has become unsustainable as the work queue
continues to grow simply to maintain current levels of new business.”
to Artesian, “ARCH is not only an innovative new technology, but a huge leap
forward in the drive for ‘distributed compliance’ – the ability for central
teams to distribute KYC and AML tasks to their frontline colleagues who are
best placed to engage with the client and solve issues in the fastest, most
productive way. It places compliance and powerful risk data at the heart
of the business – front of mind for every member of staff, informing every
decision, instructing every interaction and shaping every relationship from
pre-screening prospective new customers through to ongoing tracking and
long-standing client development.”
“configurable decision engine” monitors real-time credit risk and KYC data sets
and applies bank or insurer policies to the compliance decisions. Each
client determines which data sources to ingest and “applies custom policies to
that combined data in the form of multi-dimensional rules” which are screened
and interpreted based upon institutional policies. Flagged issues are
delivered through a browser interface or loaded into other compliance systems
via an API.
“We have the great privilege of serving 80% of the UK’s major banking institutions, providing powerful sales engagement insights to relationship managers. We asked what we could do to make our software even more useful and the answer was ARCH. Almost two years of engineering and millions of pounds later we’re announcing ARCH’s general availability for customers. We believe this puts Artesian in a unique position to be able to combine customer engagement capabilities together with credit and risk in one single application delivered through a browser or mobile device.”
We’ve built a strong team of specialists to extend our core competencies and have worked closely with our key partners at Experian, LexisNexis, and Refinitiv (Thompson Reuters) with more partnerships to come. This allows our customers to select the data sources they already rely upon and trust and easily integrate them into ARCH”
Artesian Solutions CEO Andrew Yates
a beta test with a top UK bank, ARCH decisioning was fully consistent with
existing bank processing while flagging 14% more “critical risk” issues than
current bank processes. ARCH also reduced average case time from two
hundred minutes to eight, “allowing relationship managers to know more, know
sooner and save time – enabling them to focus on delivering a better customer
recently added ARCH to its eleven-week incubator program Scale InsureTech which
is “aimed at identifying and developing fast-growth technology companies in the
financial services clients include RBS, Barclays, HSBC, Lloyds Bank, EY, and
North American sales intelligence firms do not normally support client onboarding and risk assessment, but UK and European firms support these functions due to a richer set of registry data. European vendors such as DueDil, Bureau van Dijk, and Artesian support sales, marketing, and regulatory compliance.
As GDPR hit its first anniversary on Saturday, Microsoft once again called for a US privacy law which shifts the onus of data privacy from the individual to corporations. Today, Americans operate in an opt-out regime which requires them to find and manage their privacy settings.
places an unreasonable — and unworkable — burden on individuals,” wrote
Microsoft’s Deputy General Counsel Julie Brill. “Strong federal
privacy should not only empower consumers to control their data, it also should
place accountability obligations on the companies that collect and use
sensitive personal information.”
Microsoft prefers a single federal standard to piecemeal state-level laws such as California’s CCPA. Brill said the legislation should be interoperable with the GDPR to help reduce the “cost and complexity of compliance.” This framework should reflect ”the changing understanding of the right to privacy in the United States and around the world.” The proposed legislation should “uphold the fundamental right to privacy through rules that give people control over their data and require greater accountability and transparency in how companies use the personal information they collect.”
American businesses, interoperability between U.S. law and GDPR will reduce the
cost and complexity of compliance by ensuring that companies don’t have to
build separate systems to meet differing—and even conflicting requirements—for
privacy protection in the countries where they do business,” said Brill.
eMarketer analyst Ross Benes, the US ad industry has shifted from a call for
self-regulation to supporting national privacy regulations, fearing ”a
patchwork of different rules” as “legislation looks increasingly inevitable.”
A TrustArc/Ipsos survey of UK adults (16 – 75) found a 36% improvement in trust concerning personal data since GDPR went into effect.
A Snow study found that 39% of global business professionals believe their data is better protected since GDPR passed, with the biggest increase in the APAC region (48%). 40% of Europeans also believed their personally identifiable information is more secure, but only 30% in the US held the same belief.
74% of surveyed professionals believe that the technology industry needs more regulation with 83% of APAC and 72% of US respondents wanting additional tech regulation.
The EU has yet to strictly enforce the law with only one large fine ($56M) versus Google in France. However, Google and the social media and advertising companies are all subject to ongoing suits:
The latest investigation — the first by the Irish watchdog into Google — brings to 19 the number of open cases by the regulator targeting big U.S. tech companies. They include probes into Apple Inc., Twitter Inc., eight probes into Facebook Inc., plus one into Instagram and two into WhatsApp.
Los Angeles Times, “Google could face hefty EU fine over possible privacy violations,” May 22, 2019
important to recognize is that the EU is taking GDPR very seriously, with fines
being established for any breach,” said Ben Feldman, SVP of strategy and
innovation at NYIAX. “I would expect that the first six-to-nine months of
any new regulation action would be spent working out the kinks and processes of
implementation. It is quite likely that we will see more fines in the
At their Rainmaker 2019 conference, SalesLoft announced a doubling of their partner ecosystem, mobile functionality, a rebuilt analytics engine, and a hot leads feature, and expanded CRM connectors. The show attracted 1,300 attendees to hear 164 speakers.
SalesLoft released an iOS mobile app that allows users to place digital calls through the SalesLoft platform. Calls are directed through a Twilio dialer and then analyzed by SalesLoft. Post-call automated features include automated transcription and indexing, call analytics, and CRM sync. Thus, if the rep places a call on the road, she will have a fully transcribed, indexed, and analyzed call when she returns to the office.
to making the call, the user can set one-sided recording or local number calling.
Users can also add new contacts to cadences and will be notified when
prospects engage with a cadence. An activity stream is on the mobile app
inbound calls, the rep can quickly enter call notes which are synced to the
are no immediate plans for an Android app.
“I believe sales is about relationships and sales engagement is essential to building those relationships. Through data science, meeting intelligence and efficient account-based workflows, SalesLoft lets you focus on what matters most: building relationships and solving customers’ problems.”
SalesLoft VP of Product Butler Raines
is implementing a new reporting framework with an event-driven architecture
which supports an open data API. Two reports, a Cadence Performance
report and an Account Report, have already been rolled out. The framework
supports configurable dashboards which can be quickly built with advanced
analytics and visualizations using Business Intelligence tools. Sales Ops
can also build real-time reports and dashboards within Salesforce.
SalesLoft is extending machine learning and AI into its platform. For example, SalesLoft machine learning tools detect the prospect’s position and level at a firm and selects the optimal persona-based cadence. A new Hot Leads feature prioritizes prospects based on content engagement and website activity.
SalesLoft, which has long supported Salesforce, will be adding connectors for Microsoft Dynamics and SAP.
“We have seen a sizeable increase in CRM demand beyond the Salesforce ecosystem. SalesLoft is excited to enable organizations running on SAP C4C and Microsoft Dynamics to better serve their customers.”
Sean Kester, SalesLoft VP of Platform Strategy
SalesLoft will be regionalizing its data hosting by region or usage. “This not only allows for customization (for example, keeping data that originates from the European Union in the EU) but also improves security and platform performance,” blogged the firm. “Whether it’s through regulation compliance, security-minded development, or thought leadership, SalesLoft looks to partner with our customers for mutual success.”
SalesLoft announced a set of additional partners available through their app directory. I will discuss these on Monday.
Artesian Solutions CEO Andrew Yates published a year-in-review blog and a preview of their upcoming Artesian Risk and Compliance Hub (ARCH). The new ARCH capabilities will extend their social selling platform into Know Your Client (KYC) reviews at UK banks. ARCH is in early testing.
ARCH leverages Artesian capabilities around interpreting structured and unstructured data ”to create useful flags and to drive appropriate actions.” Artesian already is on the desktop of relationship managers (RMs) at most of the major UK banks. “This puts us in a unique position to make insights regarding financial and KYC risks available to the front-line as a pre-screen, to ensure that corporate banking relationships begin with an appropriate understanding of risk.”
supports an automated audit trail and storage of evidence. Early tests
found ARCH to be “100% accurate in reflecting policy in pre-screening.” Arch
also reduced the time spent in gathering risk assessment data by 90% and
identified 14% more risk issues compared with manual processing.
a pre-screen at the front-end of client discussions, RMs can focus on new
clients that will pass muster during the onboarding review process. This
process makes both relationship managers and compliance professionals more
effective. RMs will no longer be spending time with prospective clients
that won’t pass compliance review while compliance professionals can focus
their attention on more complex reviews which require their skill and
“ARCH gives companies control of a sophisticated decision engine to enable data being accessed to have rules applied and flags created. It means that Relationship Managers can see a summarised view of what their central risk teams assessment of a potential client would be, before spending time and money engaging with them. The automation aspect of this is fundamental as it brings efficiency, consistency and control to the areas it transforms.
But more than that, it places compliance at the heart of the business – front of mind for every member of staff, informing every decision, instructing every interaction and shaping every relationship from pre-screens for new customer prospecting through to long-standing client development.”
Artesian CEO Andrew Yates
McKinsey research which notes that the risk function at financial institutions
is being transformed “with the detection, assessment, and mitigation of risk” being
transferred to all employees by 2025.
Risk and Compliance tools are a greater focus amongst European sales intelligence firms due to the availability of private company registry data. While US private companies provide only minimalist filings with Secretaries of State offices (with a few exceptions in insurance, banking, and nonprofits), UK company registration data includes directors, shareholders, and financials. Other UK compliance data includes sanctions lists, Politically Exposed Persons (global government officials and relatives), disqualified directors, gazettes (shuttered business and those in receivership), and traditional credit reports. Vendors such as Artesian, DueDil, and Bureau van Dijk have recently emphasized compliance and risk tool development over sales intelligence offerings.
reached 30,000 users in 2018 with their user base tracking over 800,000
companies. According to Yates, Artesian customers “have received 12.5
million actionable insights, 2.5m unique computational matches each week,
automated the equivalent of 2 trillion Google searches per week (13bn per
hour), and have made 523,813 useful connections using Artesian data.”
staff provided over 350 training sessions, webinars, and workshops to more than
3,000 users in 2018. Artesian Academy delivered an additional 1,200
multi-media tutorials, certification modules, role-based tips, and social media
best practices overviews.
DiscoverOrg continues to rollout additional datasets to meet the needs of sales and marketing professionals that target specific corporate departments. The latest dataset focuses on legal and compliance departments, complementing datasets for technology, sales, marketing, HR, finance, and the executive suite. The new dataset meets the same standards of coverage and quality as previous datasets (e.g. 95% accuracy guarantee, 95% email fill rates, 90-day refresh rate). Along with executive bios and contact information, users will enjoy compliance department org charts, installed technology, and buying signals.
“Companies selling into legal and compliance functions have become okay with buying inaccurate, outdated contact data and sales intelligence tools—some in actual book form. And until now, legal and compliance companies had few other options. DiscoverOrg is changing that and bringing a solution to the market that is robust, high quality, and designed to allow these organizations to build their businesses around.”
Chief Growth Officer Katie Bullard
“Lack of access to contact data has prevented engagement with in-house legal teams at corporate entities,” said the firm. “Many companies outsource legal services to 3rd party firms, but the largest 20% of corporates manage most legal matters in house. The Legal and Compliance dataset enables legal technology and legal services companies to systematically reach this untapped buyer group – to position a technology solution or be the vendor of choice.”
DiscoverOrg is “already seeing high demand” during their soft launch window and have signed several “high-profile legal technology companies.” The dataset is designed for Legal Services companies, Law Firms, and Staffing and Recruiting firms looking to place Legal and Compliance talent.
Coverage spans 150,000 legal professionals across 25,000 organizations constituting “the largest and most complex legal departments and the largest law firms.” Corporate titles include General Counsel / Chief Legal Officer, Legal Operations, Compliance, Government Affairs & Relations, Litigation, IP, Contracts, eDiscovery, Risk Management, Governance, and General Counsel Executive Assistant. Titles at legal services and law firms include C-Suite / Partners, IT, Finance, and Legal staff. Also included are legal representatives at federal, state, and local government entities. Data Security Officers can be found in the IT dataset.
“Ten years ago, DiscoverOrg completely revolutionized the way IT companies prospected, and we’ve now brought that sales and marketing revolution to the rest of the market,” said CEO Henry Schuck. “Companies outside of IT have become okay with buying inaccurate, outdated contact data and sales intelligence tools—some in actual book form. That is not okay, but until now, legal and compliance companies had few other options. Today we are changing that and bringing a solution to the market that is robust, high quality, and designed to allow legal and compliance companies to build their businesses around.”
In 2017, the DiscoverOrg database roughly doubled its contact coverage to three million biographies with emails, direct dials, organizational position, and responsibilities. DiscoverOrg also expanded its company coverage by 50% to 125,000 global entities. The growth was bolstered by the acquisition of RainKing at the end of August. The firm has a team of over 300 researchers responsible for building and maintaining datasets. DiscoverOrg is used by sales, marketing, and recruitment teams at over 4,000 firms.
I came across some excellent tips from Johnty Mongan, Managing Director of The Mongan Group concerning the new European sales environment post-GDPR. Selling in Europe will be trickier in May as reps need to obtain opt-in approval
Mongan provided the following advice:
GDPR is about protecting our interests from unlawful behaviour. GDPR removes the unwanted cold calls, email campaigns and any other processing that we haven’t agreed to. A transparent and fair existence for all. I really like it, it fits with my karmic views of the world.
It won’t how ever stop marketing activities through publicly available information, like a company email or a company number…
It’s time to go old school… here’s what you can do to reach new customers in a lawful and GDPR way:
Get consent from current customers to continue marketing to them. Do it in an engaging way. That’s a must.
Provide explicit consent of your intentions to all new prospects when luring them in with shiny content. For example, download this form so I can phone you. That’s a must.
Go to the events your customers go to, get over yourself and introduce yourself. That’s a must.
Hold your own events.
Get more business cards…. they are not as useless as you may think.
Offer referral schemes to current customers. You should do that anyway.
Market your services within ethical channels. Where you customers go, you go
My list goes on, but it all centres around building clear authentic relationships. This is a good thing because most “sales” are won on the back of authenticity and trust. I see leading the charge with GDPR compliant sales processes a fantastic way to demonstrate your intentions.
So basically, what’s old is new again. While marketing needs to be particularly attuned to GDPR, sales reps also need obtain permission.
Data automation vendor Openprise announced support for the EU General Data Protection Regulation (GDPR) which goes into effect on May 25th. The new Openprise Data Orchestration Platform capabilities provide “visibility, control, and access management inside and outside of a company, without the added complexity of traditional compliance solutions.”
The GDPR specific functionality “controls the flow of EU data out of your company” via “fine-grained data filters and permission roles,” and flags leads and contacts which are subject to the GDPR even if the records lack country flags. The firm performs checks based upon emails, IP addresses, phone numbers, and non-standardized country fields. Both standard and custom fields in sales and marketing automation platforms are GDPR validated. Openprise maintains an audit trail and logs records which have been processed by partners.
The firm noted a Catch-22 in GDPR regulations. Enriching records that lack country designators may require enrichment from non-compliant datasets, violating the law. By utilizing data from within the record (e.g. domain, phone numbers), Openprise avoids violating the law in order to support the law.
“The vast majority of US-based companies are woefully unprepared for GDPR, and this new set of regulations has teeth. We’ve heard from our customers that they want a central control point to help maintain compliance with GDPR. Openprise’s position in the MarTech stack as the conductor that manages the movement and processing of data across systems puts it in a unique position to serve as this control point.”
Openprise CEO Ed King
The GDPR is broadly written to cover data held by non-EU companies, even those without operations or sales staff within the EU. Penalties can be quite high, reaching up to 4% of revenue or €20 million, whichever is greater.
“What’s so critical about GDPR is that it affects companies everywhere in the world, whether they have a presence in the EU or not, and unlike many other regulations, this one has teeth,” says Allen Pogorzelski, vice president of marketing at Openprise. “If you’ve got EU citizen data in your databases, you’re subject to GDPR regulations. U.S. companies that ignore these regulations do so at their own peril.”
This summer, Openprise launched a Data Marketplace to assist with ingesting and normalizing third-party B2B and B2C data. Amongst the platforms supported are Salesforce, Marketo, Eloqua, and Pardot. The Data Marketplace, part of the Openprise Data Orchestration platform, includes built-in rules to ensure data are properly onboarded. B2B Partners include Zoominfo, InsideView, Orb Intelligence, Synthio, Salesgenie, and Dun & Bradstreet.
European company research firm DueDil rolled out a set of enhancements spanning list building, list analytics, compliance validation, and their API. DueDil’s products are used for sales intelligence, company research, and onboarding Know Your Client (KYC) / Anti-Money Laundering (AML) compliance checks.
DueDil added four Ownership search filters to assist with targeting firms with concentrated shareholdings “ripe for takeover.” The new screens include Total Shareholding Count, Individuals Count, Companies Count, and Shareholder Name.
The firm rolled out interactive lists which build upon their list capabilities. “Interactive List Reports offer a unique way of mapping whitespace and identifying new prospects, based on high-performing segments identified in a List Report,” said Product Marketing Manager Sam Hockley. “By accessing a customer list in Report view, common traits and trends are visualised, and the characteristics of quality customers can be easily identified.”
Users can now view any List Report segment in Advanced Search, surfacing the companies and related criteria. Users can drill down on segments to research anomalies or focus on size brackets within the list. The functionality can also be used to display similar companies while suppressing the original list, providing a tool for expanding the pool of ABM candidates.
Both the browser and API now support compliance checks including Politically Exposed Persons (PEPs), sanctions, fraud warnings, and adverse media. These checks are part of standard KYC / AML onboarding steps. The Adverse Media Check includes Gazette Status (receivership, shuttering a business) and County Court Judgments. Politically Exposed Persons lists identify government officials and close family members to flag funds which could be related to bribes, kickbacks, and money laundering. Sanctions lists flag individuals associated with terrorism, trafficking, and money laundering.
“Conducting these checks with DueDil allows businesses to identify any and all linkages of corporate ownership and associated individuals. As a result, when a check is run against a specific entity, that check can be extended to all of these related parties, returning any flags or sanctions across the entire group. Advanced datasets reveal the ultimate beneficial owner of a business and enable checks for PEPs and any sanctions levied against a business,” said Hockley.
DueDil performs KYC/AML checks against both businesses and individuals. People checks are performed in conjunction with Callcredit.
DueDil also recently launched API support for webform auto-population and enrichment.
On May 25, 2018 the EU General Data Protection Regulation (GDPR) goes into effect, creating data privacy and security concerns for firms both inside and outside of the EU. The GDPR covers both companies that provide goods and services to EU residents and those that are part of the value chain. The regulation covers all individuals domiciled within the EU, regardless of where the company is headquartered.
According to Forrester, the regulation has five key requirements:
If a firm has “regular, systemic collection or storage of sensitive data,” they need to hire or designate a Data Protection Officer (DPO). The function may be filled by individuals with legal, privacy, security, marketing, or customer experience. The International Association of Privacy Professionals (IAPP) estimates that the regulation will require 30,000 privacy officers. The DPO will need to work with security leaders with respect to identity and access management (IAM) and encryption. They will also be involved in purchasing decisions around CRM, analytics, and other platforms.
Should a data breach occur, firms have a-72 hour window for reporting breach details to the authorities and customers. The window begins as soon as the breach is detected.
Privacy must be built into any new projects with a “Privacy-by-design” philosophy. Forrester stated that “sustained collaboration between teams will be critical, so firms will have to establish new processes to encourage, enforce, and oversee it.” For example, privacy officers will need to review business requirements and development plans related to new apps.
Extraterritoriality places requirements on firms outside of the EU, making it a global requirement. Forrester notes that “a US-based data aggregator that collects and resells EU customers’ data to other business partners will need to comply fully with GDPR requirements, rather than simply meeting international data transfer rules.”
Firms will be responsible not only for securing data but providing evidence that they have implemented appropriate risk mitigation. Thus, a firm can be held in violation even if they have not had customer complaints or data breaches.
US companies are still obligated to comply with the 2016 Privacy Shield agreement between the US and EU. Forrester also warned UK firms to comply with the GDPR as lowering British privacy standards would only serve to complicate UK-EU data transfer rules post Brexit.
Forrester suggested that firms take a cost-benefit analysis to data instead of simply storing everything:
“Firms will learn to better assess the costs and benefits of records they process, store, and protect. They will progressively focus on collecting, buying, processing, storing, and protecting only the data that offers them the most value and will kill the rest.”
Forrester also suggested that privacy should be part of a firm’s DNA and some firms will integrate privacy into brand perception and the customer experience, providing a basis for competitive advantage.
Osterman Research conducted a survey of mid to large companies subject to the law to identify technology expenditure increases for GDPR compliance.
GDPR non-compliance costs are potentially very high with penalties up to the greater of €20 million or 4% of total worldwide annual turnover of the preceding financial year.