GDPR Compliance Cost Calculator
Use this calculator to estimate the cost of implementing the new European Union legislature related to handling of personal data - the General Data Protection Regulation (GDPR). Read more below on the methodology behind the calculations on GDPR compliance costs.
- What is GDPR?
- Sources for cost of compliance data
- Sources of prices for different products/services
- How to become GDPR compliant
What is GDPR?
GDPR is an abbreviation for the popular name of Regulation 2016/679 of the European Parliament and of the European Union Council, called General Data Protection Regulation. The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and its stated purpose is to harmonize data privacy laws across Europe, to protect and empower all EU citizens with regards to the privacy of their data and to reshape the way organizations operating in the region approach data privacy.
If you are an average citizen or internet user, GDPR means that you will see more consent checkbox and legal terms that you will not read and just click so you can do what you want to do. The thing is, it will now cost you more to do the same things, buy the same products or use the same services, or their quality will deteriorate, since companies must recoup the costs for compliance with the GDPR, otherwise they will cease to exist. It will be just as it was with the so-called "cookie laws", but much, much worse.
The purpose of this calculator is to help you visualize the costs of this latest EU legislation in terms of lost productivity / productivity redirected to non-productive purposes. Instead of engineers, accountants, and legal experts working on solving real issues like producing food, appliances, gadgets, houses, or charity, they are now spending countless hours tackling issues that consumers do not want to pay them to tackle. How do we know this? Otherwise they would have been tackled already.
The cost of this new legislation becomes more vivid when expressed in terms of poor aid and of productive capacity lost by some of our brightest and hard-working individuals over this.
How do we estimate cost of compliance
The cost of compliance is a conservative estimate based on an amalgamation of source data from the EU and US Census bureaus, polls among company executives and estimations from top accounting firms. The estimate is coarse, but definitely conservative as it only accounts for the one-time cost of getting compliant but it does not account for any of the ongoing costs for staying compliant, including financial fines, litigation costs to dispute fines, reputational damages from GDPR-related fines and litigations, DPO (Data-Protection Officer) salaries and other personnel that would not have been hired/retained were not for the GDPR, decreased operational efficiency due to the higher amount of paperwork, etc.
For the US estimate ($41.7 bn) we used PwC 2017 survey data  on company expenses related to preparations for the European Union’s General Data Protection Regulation (GDPR). The survey covered 300 CPOs, CIOs, general counsels, chief compliance officers, and VPs in related departments at US, UK, and Japanese companies with a European presence (size 500+ employees). As a secondary source we used a Netsparker survey  of 302 U.S. chief executives, but it was less useful due to the unknown distribution of the survey participants. From it we mainly extracted data on the micro, small and medium businesses, as well as cross-referenced some of the big businesses data from PwC.
We extrapolated the results to 50% of US companies employing more than 500 people, and further guessed that about 10% of the rest of US companies would have reason to become GDPR compliant and assigned an average expense of $10,000 per company based on a conservative reading of . The number of active companies with at least one person on payroll in the US, as well as percentiles of differently sized companies is based on the U.S. Census Bureau 2015 County Business Patterns dataset .
For the EU estimate (€200 bn) we were unable to obtain data other than the UK company estimate from the PwC survey , so we used the US data as a starting point, lowering the expenses a bit to account for the gap seen between U.S. and U.K. expected spending on the top levels. We extrapolated it to all companies in the European Union based on Eurostat data about the number and size of companies in the EU .
Both sets of data agree to an extent with other sources:
- "The world’s 500 biggest corporations are on track to spend a total of $7.8 billion to comply with GDPR, according to consultants Ernst & Young", source: Bloomberg 
- "Microsoft Corp. has 300 engineers working to ensure its software is GDPR-compliant.", source: Bloomberg 
- "At Krones AG, a 15,000-employee German producer of bottling equipment, almost 60 people are involved in GDPR preparations.", source: Bloomberg 
- "medium-sized firms will spend an average of $550,000", source: FT 
- "£15m on average for a FTSE100 firm" 
- 28% of companies to spend up to €10,000, 41% to spend up to €50,000 on GDPR compliance, according to a survey of the Institute of Directors in Ireland 
Estimations for the world ($322.6 bn) are the least well supported since we were unable to obtain data other than the Japan data present in the PwC survey, which cannot be considered representative for the rest of the world. Thus, we are using a guesstimate that due to generally lower costs of doing business and lower percentage of trade relationships with the EU, the rest of the world will incur costs related to GDPR compliance comparable to those of the United States.
None of the estimates includes your time spent reading this text or using the above GDPR cost calculator instead of doing something beneficial to the rest of the world (read: something someone was ready to pay you for), including our own time spend developing this calculator instead of better statistical tools and writing helpful articles on topics of actual importance to people.
How do we estimate prices for different products/services
The prices were estimated using publicly available market prices. For example, the baby formula is based on an estimate from prices for packs of formula sold at Walmart, the leading U.S. retail chain. Poor relief products were priced based on the Foodforthepoor.org website gift package prices . They mostly refer to relief provided for the African continent.
The price of a wheelchair was determined using an average from the category Standard Wheelchairs of the 1800wheelchair.com website. Average prices on Amazon for the iPhone 8 were used for the iPhone price, while Lantus long-acting type insulin recommended prices were used for the insulin injection price.
For cancer research projects we used the arithmetic mean based on the funds given as research grants by the American Cancer Society to currently running cancer research projects ($405,504,880 for 755 projects) .
The price of a man-hour of work is estimated considering that of a skilled professional, since people dealing with GDPR compliance are usually IT, legal and accounting professionals who are mostly high paid as well. If you would have spent the same money on lower paid labor, it can buy you several times that number of man-hours.
How to become GDPR compliant
Very few people can actually tell you, due to the obtuse language and contradictory formulation of some of the key clauses in the document. Until there are legal precedents involving GDPR its anyone's guess. A lot of companies will try to sell you expensive GDPR compliance services or products and while that may improve your chance to avoid GDPR-related fines, there is no guarantee, no certain way to achieve compliance.
When considering the steps you take towards compliance, you should certainly consider any harmful effects that the friction introduced by adding new or more complicated procedures will produce. One of the worst things about GDPR is that the burden of proof is on you: to prove that you need to retain the data, that you have asked and received voluntary informed consent from the person whose data you are collecting and storing.
 PwC "Pulse Survey: GDPR budgets top $10 million for 40% of surveyed companies" [online] https://www.pwc.com/us/en/increasing-it-effectiveness/publications/general-data-protection-regulation-gdpr-budgets.html , accessed May 15, 2018
 Netsparker "Netsparker Surveys US Based C-Levels on GDPR Compliance" [online] https://www.netsparker.com/blog/web-security/gdpr-compliance-2018-survey-results/ , accessed May 15, 2018
 U.S. Census Bureau, 2015 County Business Patterns 2015 SUSB Annual Data Tables by Enterprise Industry [online] https://www.census.gov/data/tables/2015/econ/susb/2015-susb-enterprise.html, release date: Jan 31, 2018, accessed May 15, 2018
 Eurostat "Business demography statistics" [online] http://ec.europa.eu/eurostat/statistics-explained/index.php/Business_demography_statistics , accessed May 15, 2018
 Bloomberg "It’ll Cost Billions for Companies to Comply With Europe’s New Data Law" [online] https://www.bloomberg.com/news/articles/2018-03-22/it-ll-cost-billions-for-companies-to-comply-with-europe-s-new-data-lawm , publish date: March 22, 2018, accessed May 15, 2018
 FT "Companies face high cost to meet new EU data protection rules" [online] https://www.ft.com/content/0d47ffe4-ccb6-11e7-b781-794ce08b24dc , published Nov 19, 2017, accessed May 15, 2018
 SIA Partners "Preparing for the GDPR – Why you need £15m or £300-£450 per employee on average to implement the GDPR" [online] http://en.finance.sia-partners.com/20180115/preparing-gdpr-why-you-need-ps15m-or-ps300-ps450-employee-average-implement-gdpr , published Jan 15, 2018, accessed May 15, 2018
 Independent "One in three directors concerned about compliance costs of GDPR" [online] https://www.independent.ie/business/irish/one-in-three-directors-concerned-about-compliance-costs-of-gdpr-36643907.html , published Feb 26, 2018, accessed May 15, 2018
 FoodForThePoor.org Gifts Catalogue [online] http://www.foodforthepoor.org/gift-catalog/wb/2018-spring-8281/products.html , accessed May 15, 2018
 American Cancer Society [online] https://www.cancer.org/research/currently-funded-cancer-research/grants-by-cancer-type.html , accessed May 15, 2018
Cite this calculator & page
If you'd like to cite this online calculator resource and information as provided on the page, you can use the following citation:
Georgiev G.Z., "GDPR Compliance Cost", [online] Available at: https://www.gigacalculator.com/calculators/gdpr-compliance-cost-calculator.php URL [Accessed Date: 18 Sep, 2019].