Netsparker: The Price of Compliance for GDPR is High in Mobile Payments and Beyond

April 26, 2024         By: Steven Anderson

One of the biggest new developments in Europe this May is the General Data Protection Regulation (GDPR), which goes into effect May 25. Under those rules, businesses not compliant with GDPR standards—and that’s any business that handles the personal data of European Union citizens, which includes mobile payments—will face fines of up to four percent of their total annual revenue, or $20 million, whichever is higher. A new study released by Netsparker, meanwhile, shows that the costs of GDPR compliance are running fairly high as well.

It’s clear that GDPR compliance is being taken seriously with about a month to go before GDPR kicks in. The largest single group of surveyed businesses—48.7 percent—is more than 75 percent of the way through its GDPR compliance efforts. Just one percent of businesses surveyed have done nothing so far toward GDPR compliance.

Fifty-five percent of surveyed businesses are bringing in new people just to address GDPR compliance, while 48 percent are reworking their current security teams. Almost two thirds of companies (63 percent) have a Data Privacy Officer to oversee those efforts. In raw numbers, 59.6 percent of firms are poised to spend between $50,000 and $1 million to achieve GDPR compliance, while 10.3 percent will spend over $1 million.

It’s hoped that GDPR will bring about not only more secure applications running on the web, but also better handling of data breaches. About half of surveyed companies believe that businesses will no longer hide data breaches, while the other half believe that businesses will be more inclined to hide data breaches to evade the massive fines now involved.

While it might be a bit much to require a large share of businesses to spend seven-figure sums in a bid to fend off eight-figure fines, it is a point that does need addressing. GDPR compliance is one step toward greater security, not just in mobile payments, but beyond as well. Security is the biggest problem facing mobile payments today, and if GDPR can help on that front, maybe it’s not such a bad idea.

Perhaps a more gradual approach would have been better for businesses, but when it’s our data at stake, it’s hard not to see at least some value in this route.