CNIL criticizes studies on the economic impact of GDPR for inaccurately measuring its benefits

How much does the General Data Protection Regulation (GDPR) cost for companies subject to it? This is a question that the economic literature regularly addresses. Far from being “a superfluous exercise“, it is not always carried out well, according to the National Commission for Information Technology and Liberties (Cnil).”Most of these studies focus on costs without sufficiently measuring benefits (…)“, judges the French authority. It does not cite any particular study.

The difficulty in isolating the specific effect of the GDPR

The costs linked to compliance with the European text are “real and inevitable“, notes the CNIL, Nevertheless, “this cost is an investment in compliance, which has economic benefits“These are often poorly measured by studies due to shaky methodology, she adds. In fact, the majority of studies compare a company subject to the GDPR and a control group which is not subject to it. . Gold, “it is complicated to isolate the specific effect of the GDPR in relation to the economic context and the varied behaviors of the actors“Also, studies focusing on one sector cannot be generalized to the entire economy, contrary to what some claim, she believes.



This article is reserved for our DPO Club subscribers

Support expert journalism.

Already subscribed?
Log in

Selected for you