GDPR Shows Its Teeth, Goes After Breached Companies
In 2018, the European Union (EU) General Data Protection Regulation (GDPR) ushered in the most important change in data privacy regulation in 20 years.
[...] EU regulators have long warned that non-compliance with GDPR would result in hefty penalties. Beginning as early as 2018, tech giants Facebook and Google faced scrutiny for a lack of transparency about the data they collect. They were eventually fined €56 million.
But tech companies aren't the only ones in the spotlight. CIO Dive reports that in July 2019, the UK's Information Commissioner's Office announced plans to fine British Airways and Marriott International $230 million and $124 million, respectively, for data breaches reported in 2018.
This action is a huge red flag for all companies. It signifies that GDPR is far broader in reach than most firms had anticipated.
"The aim of the GDPR is to protect all EU citizens from privacy and data breaches in today's data-driven world," states the regulation. "Under the GDPR, breach notifications are now mandatory in all member states where a data breach is likely to 'result in a risk for the rights and freedoms of individuals.' This must be done within 72 hours of first having become aware of the breach."
The penalties are severe. Organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20 million, whichever is greater. In the case of British Airways and Marriott, the fines were stiffer than those incurred by tech companies.
Ironically, the breach doesn't have to come from within to incur the wrath of GDPR enforcers. Marriott was never directly breached. The attack came from an already compromised server inherited during Marriott's 2016 acquisition of the Starwood Hotels group.
Marriott is not alone. Today, 59% of breaches originate with third-party vendors and 53% of acquiring businesses say they've encountered a cybersecurity issue or incident that put an M&A deal in jeopardy.
(Score: 2, Insightful) by Anonymous Coward on Friday July 19 2019, @08:50PM (1 child)
For those of us who are less rich than you are, long expensive courts and juries (often corrupt) are one of the many faces of the Devil.
No, it is not money that should solve this.
Politely, I am of the completely opposite opinion to yours. That the GDPR has more power than I was expecting is, for me, a good thing.
But then again, I live in Europe, and all this could be because here, money is not the new god. Obviously I have more trust in the government than Americans do. Probably because I have seen it work for the benefit of the population a lot more often than Americans have seen theirs do the same. At the least, it educates me free of charge all the way, from elementary school to university.
(Score: 2) by Pino P on Sunday July 21 2019, @12:06AM
Have you seen companies outside the EU stop trading in the EU because the companies cannot afford the annual fee for representation required pursuant to article 27?