One Year Later: GDPR Fines Heating Up

How has regulatory enforcement impacted those doing business in the EU?

On July 8, British Airways was faced with a record $230 million fine under the EU’s General Data Protection Regulation (GDPR) [source: CNN] for a data breach that compromised the private information of nearly 500,000 customers. Since its implementation on May 25, 2018, GDPR has forced sweeping changes across the organizational landscape, sending a clear message that corporations without controls over their data are operating under a high-risk strategy. According to some calculations, there have been more than 59,000 reported data breaches throughout Europe [source: DLA Piper], with small and big organizations alike already subjected to substantial fines in France and Germany.

The bodies tasked with enforcing GDPR have not been shy about imposing fines, even when the legal position of many German experts was that there should be a lesser penalty. In the U.K., apart from having the ability to levy fines, the Information Commissioner’s Office has other available forms of disciplinary action, including issuing warnings and reprimands, imposing temporary bans on data processing, suspending data transfer rights, or even removing or recording the material or written data. Companies now realize that it’s simply good business to have their data in order, especially considering how the blowback from a data breach can ruin their reputation or result in litigation that may be more damaging than the initial fines.

GDPR compliance requires both organizational and technical planning. Over the past year, Knovos has helped ensure that our clients’ technical compliance challenges are being properly addressed. Our advanced information governance technology provides information protection teams with a data command center that allows them to connect all of their dispersed information into one centralized repository. This enables organizations to establish proper data access rights for each individual employee, as well as to search across their entire data landscape and act on the results as needed.

The fundamental tenets of GDPR include accountability, reportability, searchability, purgeability, and portability. Organizational deployment of effective technological solutions accommodates these tenets while protecting against the fines and other potential damages associated with violation of GDPR regulations. Automated and flexible data management capabilities like those offered by Knovos are also critical to helping organizations both large and small enhance security, reduce risk, and consolidate data.