Fines may seem intimidating, but basic security practices keep businesses in compliance
On May 25, 2018, the General Data Protection Regulation, better known by its acronym GDPR, came into force. For two years before that – the European Parliament approved GDPR in 2016 – businesses around the world hustled to comply. Fines could go up to €20 million (euros), or 4% of the company’s worldwide annual revenue (whichever was higher)! It made good business sense to be prepared.
Sixteen months after it was enacted, we can evaluate what’s transpired. According to Enforcement Tracker, which maintains a list of GDPR fines imposed within the European Union, 21 countries have applied fines:
Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, France, Germany, Greece, Hungary, Italy, Latvia, Lithuania, Malta, Norway, Poland, Portugal, Romania, Spain, Sweden, UK
It is important to note that the list provided by Enforcement Tracker is not complete as not all fines are made public (maybe legislation should be changed so all are treated in the same way). The top three fines add up to €365 million.
The fined are people and companies from all kinds of sectors: private companies, municipalities, political parties, hospitals. They range from large media companies and banks to a kebab restaurant and a police officer.
From a business point of view, GDPR may appear unhelpful. Not only do businesses have to worry about the never-ending wave of cyberattacks, authorities may also go after them if they do become a victim. If we look closer at the fines and the reasons behind them, we see that a number of them share the same root. Fines are handed out for reasons such as:
“Poor security arrang ..
Support the originator by clicking the read the rest link below.
