skip to main content
Close Icon We use cookies to improve your website experience.  To learn about our use of cookies and how you can manage your cookie settings, please see our Cookie Policy.  By continuing to use the website, you consent to our use of cookies.
Global Search Configuration

Straight Talk Technology

Ovum view

So it finally happened. After all the hype, the endless emails from organizations requesting consent, and the appointment of data controllers and data processors, the EU’s General Data Protection Regulation (GDPR) came into force last week.

This has been no small undertaking for any organization holding or processing data and information about EU citizens. Some organizations came to the party early, ready for compliance well in advance of the May 25 deadline. Others that perhaps had more pressing day-to-day matters to deal with only increased their efforts when it became clear that not to do so could result in a serious fine.

Irrespective of an organization's size, GDPR compliance has come at an expense. It is a cost of doing business, but nevertheless the funding had to be found. According to the International Association of Privacy Professionals (IAPP) and Ernst & Young (EY), US Fortune 500 companies have spent approximately $7.8bn on GDPR compliance, with UK FTSE 350 companies paying out around $1.1bn. That’s nearly $9bn, and includes nowhere near every organization that must comply.

Pressures surrounding regulatory issues such as GDPR have been a priority and as such have diverted spend in many organizations. IT projects and business improvement projects have been put on hold, and from an information security perspective, spend has been diverted from addressing all but the immediate threat landscape. During the past year or so, it has become apparent that some of the budget has come from security-related projects, not least because compliance involves an element of security resources (technology and people).

Senior IT professionals and security leaders receive regular and detailed views of the cybersecurity threat landscape and from that gain valuable insight into what they might expect to see over the coming year. The expectation (and realization) of increased threat activity would usually have influenced cybersecurity development strategies, but diverted spend means that for many organizations, only the most urgent requirements have been actioned.

Now that the regulation has launched, CISOs and security managers responsible for an organization’s security posture are asking for their diverted budgets to be made available again. No doubt this will be the same across the business. Compliance isn’t a one-off undertaking and must be sustained, but the significant investments associated with the preparation for GDPR should now be over, allowing funding of security to return to its "rightful" place.

Straight Talk is a weekly briefing from the desk of the Chief Research Officer. To receive this newsletter by email, please contact us.

Recommended Articles

  • Consumer & Entertainment Services

    US pay TV: Is it facing an existential threat?

    By Adam Thomas 28 Mar 2018

    With US pay TV having endured the worst year in its history, thoughts have inevitably turned to the future. The likelihood remains that the immediate future will remain highly uncomfortable for everyone except the scaled multinational digital platforms.

  • Enterprise Decision Maker, Enterprise IT Strategy and Select...

    2017 Trends to Watch: Big Data

    By Tony Baer 21 Nov 2016

    The breakout use case for big data will be fast data. The Internet of Things (IoT) is increasing the urgency for enterprises to embrace real-time streaming analytics, as use cases from mobile devices and sensors become compelling to a wide range of industry sectors.

    Topics Big data and analytics IoT

  • Enterprise Services

    5G: Another technology in search of enterprise use cases

    By Evan Kirchheimer 26 Apr 2018

    Service provider interest in justifying 5G investment through its potential to open new revenue streams from the enterprise segment is growing ever greater.


Have any questions? Speak to a Specialist

Europe, Middle East & Africa team - +44 (0) 207 017 7700

Asia-Pacific team - +61 (0)3 960 16700

US team - +1 646 957 8878

Email us at

You can also contact your named/allocated Client Services Executive using their direct dial.
PR enquiries - Call us at +44 788 597 5160 or email us at

Contact marketing -

Already an Ovum client? Login to the Knowledge Center now