Record fines show the severity of a GDPR breach

Think your business can afford to put GDPR on the backburner?

Think again. Today, all it takes is a slight oversight for a company to fall victim to a cyber-attack; it only requires one click on a very convincing but fraudulent email for your precious data to fall into the wrong hands.

For two years, GDPR became the acronym on everyone’s lips; the foreboding regulation
that set CEOs into panic mode was the buzzword that was brought up at every opportunity.
“How will we prepare? What are the risks? Can I still do any marketing at all?!” were the common questions the internet grew accustomed to as the clock ticked down to May 2018 and businesses sought to prepare themselves for the biggest change to data protection laws in twenty years.

Yet, despite an adequate time-frame for implementation, it’s becoming apparent that a worryingly large number of organisations have failed to heed the warning. According to research from DLA Piper, the Information Commissioners Officers (ICO) have received more than 10,000 breach notifications since GDPR-deadline day – the severity of incidents ranging from incorrectly sent emails to high-profile hacks that have dominated the headlines.

Since 25th May 2018, over 59,000 data breaches have been reported to European data protection authorities. But don’t cry for the victims of GDPR, for many of them should have known better. No company more so, in fact, than internet giant Google who was recently hit with a landmark €50 million GDPR fine, issued by the French privacy Watchdog CNIL – the largest in the GDPR’s history.

Sure, €50 million may not be enough to harm Google financially. However, more than money, the breach has already proven damaging to their reputation; it will require the internet giant to really reconsider their approach to compliance and their provision of services. According to the watchdog, the record fine was given for “lack of transparency, inadequate information and lack of valid consent regarding ads personalisation.”

Of course, they aren’t alone in their mistakes. Facebook may have already taken a proverbial beating to their market value following the Cambridge Analytica scandal, but in October, the ICO announced that the social network would be fined £500,000 for failing to protect its user data. While £500,000 may be pocket change for Facebook, a drop of 15 billion in CEO Mark Zuckerberg’s net worth from sliding stock prices is the deepest cut from the breach.

For an SME, failure to comply with new regulations could have a number of disastrous outcomes. If anything, these sky-high fines serve to prove that no-one is immune nor excluded from the stringent rules that exist to give citizens control over their data. Even if a GDPR breach in your business isn’t enough to make the headlines, it’s certainly enough to impact your bottom line.