Dive Brief:

• It's been 110 days since the EU's General Data Protection Regulation went into effect and 57% of business technology buyers still haven't allocated or don't know of a budget for the data privacy and security regulation at their company, according to a SpiceWorks study of more than 700 buyers in North America and Europe.
• European companies were more likely to have a budget than North American ones. And in general, larger enterprises reported higher allocations for compliance relative to their total budget, likely because of having more types of collected data and a larger revenue base for fines to hit, according to the survey. 
• A vast majority, 89%, of companies expect their IT budgets to grow or hold steady in the next year, but most of the budget will be allocated to hardware, software, hosted and cloud-based services and managed services. European companies were more likely to increase budgets because of regulation changes and currency fluctuations than North American companies. 

Dive Insight:

GDPR surged back into American headlines recently with the passage of a privacy bill in California addressing disclosure of PII a business has on consumers and how it is used.

While GDPR forced many companies to rethink and revise how they collect, process and store data, in the months since May 25 things have been relatively quiet in the compliance space. The EU has yet to make an example of a prominent company and send the rest of data controllers and processors scuttling to their legal and tech departments. 

But just because things are quiet doesn't mean GDPR has gone away. For those that weren't fully compliant when the deadline passed — estimated anywhere between two-thirds to one-half of companies — the budget, time and manpower impacts could still be in effect. Compliance is a lifelong process, not a one-time fix.