GDPR Implementation Costs Enterprises More than Expected
Six months after the EU’s General Data Protection Regulation (GDPR) went into effect, enterprises are finding that privacy regulation is costing more than anticipated. Forty-one percent of respondents to a Verasec survey said that their companies are paying more than anticipated to comply.
Even where costs were accurately estimated, compliance remains challenging; 59 percent of respondents said their companies were not in compliance with GDPR, even six months after the May 25, 2018 deadline.
Respondents’ biggest concern with GDPR in general has been ensuring all employees comply with the rules (41 percent); 24 percent are worried about being assessed fines for non-compliance, and 19 percent are concerned about educating non-EU employees on the regulation. Just 16 percent feared losing revenues or customers due to GDPR.
Despite more than half of survey respondents saying their companies are based in non-EU countries, 70 percent of them are still working to comply with GDPR, even though it is not required. Around half of respondents said GDPR remains a good standard security practice, and 30 percent believe more stringent privacy rules are forthcoming across the globe. Nearly one in four respondents not currently subject to GDPR feel that adopting the regulations will prepare them for expansion into Europe.