Since the GDPR privacy regulation came into force just a year and a half ago, 160,000 data breaches have been reported to data protection authorities.
The General Data Protection Regulation was introduced to protect people’s personal data and to ensure that firms keep their customers’ data safe online. Those that fail to comply face fines running into millions.
Ilia Kolochenko, Founder & CEO of web security company ImmuniWeb, Master of Legal Studies (WASHU) & MS Criminal Justice and Cybercrime Investigation (BU), comments: “One should bear in mind that the GDPR’s formidable 4% of annual revenue is reserved for the most flagrant (e.g. systematic, reckless or willful) violations of the law. Otherwise, fined companies may just go out of business and consequently increase unemployment, reduce social welfare and undermine the economy.”
One of the largest fines so far was the 50 million euro penalty imposed on Google by CNIL, the French data protection authority, for consent infringements. Following this, British Airways faced a proposed £183 million fine from the UK Information Commissioner’s Office after the personal data of half a million customers was exposed in a cyber attack.
“European courts are well aware of these ramifications and will likely remain reasonable and prudent when imposing fines. Cooperation, transparency, remediation and compensation to the victims are all to be considered when imposing a monetary fine under GDPR. Ultimately, an excessive or disproportionately harsh fine can always be disputed on appeal, and possibly reduced or even cancelled,” Kolochenko adds.