Posts Tagged: "European General Data Protection Regulation"

Over-Stretched and Under-Resourced: General Data Protection Regulation Two Years On

In 2018, after years of planning, the General Data Protection Regulation (GDPR) was introduced by authorities across Europe. It aimed to modernize the laws that protect individuals’ private information; laws which hadn’t been updated for nearly two decades. The GDPR was designed to give formidable power to data protection authorities. The threat of fines of up to €20 million or up to 4% of an organization’s global annual turnover (depending on which is greater) had been established. Two years on, although there have been over 160,000 data breaches reported, only a small number of companies have been issued with a punishment…. Enforcement has indeed varied widely across countries, and last year we caught a glimpse of what the data breach landscape may look like in terms of fines in the UK. The Information Commissioner’s Office (ICO) has issued intentions to fine British Airways £183 million, in addition to a potential £3 billion compensation pay-out, after the personal data of around 500,000 customers was exposed from their website and app. Marriott have also been issued with an intention to fine in the sum of £99m. In comparison, almost a third of countries reportedly have yet to issue a single fine.