GDPR After One Year: Costs and Unintended Consequences. By Alec Stapp

GDPR After One Year: Costs and Unintended Consequences. Alec Stapp. May 24 2019. https://truthonthemarket.com/2019/05/24/gdpr-after-one-year-costs-and-unintended-consequences/

Excerpts (full links in the original article):

GDPR cases and fines
Here is the latest data on cases and fines released by the European Data Protection Board (https://edpb.europa.eu/news/news/2019/1-year-gdpr-taking-stock_en):

    €55,955,871 in fines
        €50 million of which was a single fine on Google
    281,088 total cases
        144,376 complaints
        89,271 data breach notifications
        47,441 other
    37.0% ongoing
    62.9% closed
    0.1% appealed

Compliance costs are astronomical
    Prior to GDPR going into effect, it was estimated that total GDPR compliance costs for US firms with more than 500 employees “could reach $150 billion.” (Fortune)
    Another estimate from the same time said 75,000 Data Protection Officers would need to be hired for compliance. (IAPP)
    As of March 20, 2019, 1,129 US news sites are still unavailable in the EU due to GDPR. (Joseph O’Connor)
    Microsoft had 1,600 engineers working on compliance. (Microsoft)
    During a Senate hearing, Keith Enright, Google’s chief privacy officer, estimated that the company spent “hundreds of years of human time” to comply with the new privacy rules. (Quartz)
        However, French authorities ultimately decided Google’s compliance efforts were insufficient: “France fines Google nearly $57 million for first major violation of new European privacy regime” (The Washington Post)
    “About 220,000 name tags will be removed in Vienna by the end of [2018], the city’s housing authority said. Officials fear that they could otherwise be fined up to $23 million, or about $1,150 per name.” (The Washington Post)
        Other reports claim that GDPR does not require removing name tags from buildings, but it is telling that ambiguity in the law caused the Vienna housing authority to believe it did (derStandard)

Unseen costs of foregone investment & research
    Startups: One study estimated that venture capital invested in EU startups fell by as much as 50 percent due to GDPR implementation. (NBER)
    Mergers and acquisitions: “55% of respondents said they had worked on deals that fell apart because of concerns about a target company’s data protection policies and compliance with GDPR” (WSJ)
    Scientific research: “[B]iomedical researchers fear that the EU’s new General Data Protection Regulation (GDPR) will make it harder to share information across borders or outside their original research context.” (Politico)

GDPR has been the death knell for small and medium-sized businesses

SMBs have left the EU market in droves (or shut down entirely). Here is a partial list:

    Brent Ozar, IT consulting services
    CoinTouch, peer-to-peer cryptocurrency exchange
    Drawbridge, cross-device identity service
    FamilyTreeDNA, free and public genetic tools
        Mitosearch
        Ysearch
    Gravity Interactive, video game developer
        Ragnarok Online
        Dragon Saga
    Hitman: Absolution, video game developed by IO Interactive
    Klout, social reputation service by Lithium
    Loadout, video game developed by Edge of Reality
    Monal, XMPP chat app
    MotoSport, powersports retailer
    Parity, know-your-customer service for initial coin offerings (ICOs)
    Payver, dashcam app
    Pottery Barn, housewares retailer
    Seznam, social network for students
    Steel Root, cybersecurity and IT services
    StreetLend, tool sharing platform for neighbors
    Super Monday Night Combat (SMNC), video game developed by Uber Entertainment
    Tunngle, video game VPN
    Unroll.me, inbox management app
    Verve, mobile programmatic advertising
    Williams-Sonoma, housewares retailer