By SecureWorld News Team
Thu | Aug 17, 2017 | 7:38 AM PDT

It's 281 days until GDPR kicks in. But who's counting?

A large number of the information security professionals we serve at SecureWorld, that's who. We've been hearing from CISOs who fear huge fines of up to 20 million Euros or 4% of global turnover, whichever is greater. 

And a recent analysis shows that last year's fines in the UK would have been 79 times higher under GDPR than current statutes.

GDPR: Sorting fact from fiction

The fear of fines is so high that UK Information Commissioner Elizabeth Denham is blogging about it to sort "fact from fiction," and she had this to say in her recent post:

"Predictions of massive fines under the GDPR that simply scale up penalties we’ve issued under the Data Protection Act are nonsense. Don’t get me wrong, the UK fought for increased powers when the GDPR was being drawn up. Heavy fines for serious breaches reflect just how important personal data is in a 21st century world. But we intend to use those powers proportionately and judiciously."

She says last year her office concluded more than 17,000 cases, yet issued fines to just 16 organizations.

GDPR: Fear the fines or brand reputation?

The Commissioner seems fairly adamant that fines, especially massive ones, will be some sort of last resort. And the final lines of her post make you wonder if a damaged brand might be the real thing to fear.

"The GDPR gives us a suite of sanctions to help organisations comply—warnings, reprimands, corrective orders. While these will not hit organisations in the pocket, their reputations will suffer a significant blow. And you can’t insure against that."

SecureWorld will continue to post developments on the General Data Protection Regulation as we head toward May 25, 2018.
