The world’s most valuable resource
Digital information has been ruling the world for decades, and it’s no wonder that The Economist called personal data “the world’s most valuable resource”.
Companies rely on their customers’ personal data to correctly market their products, design the most effective marketing campaigns and run loyalty programs that deliver results. The list can go on and on. It is clear that it is almost impossible for a company to function well and achieve success without any use of its customers’ personal data.
The cost of non-compliance
One of the most important changes that the GDPR has compared to the previous legislation from 1995 is the fines set for companies that do not comply with the requirements.
Official fines for non-compliance with GDPR can have a financial cost of up to €20 million or 4% of global annual revenue (whichever is greater).
The deadline for compliance has passed, and since May 25, 2018, when GDPR came into force, companies are faced with the task of redesigning their data collection and data processing policies. So far, data breaches and penalties under GDPR have not made headlines, but companies should expect stiffer consequences in 2019.
While there are no actual cases to show increased fines for data breaches, Forbes has reviewed some of the world’s biggest data breaches and showed how the actual penalties would change in light of GDPR, to get a sense of what the new data protection law could mean for companies.
# 1. Yahoo – up to $160 million fine for GDPR
2013 and 2014 were difficult years for Yahoo, with 3 billion user accounts breached, making it the largest data breach in history. Compounding the scale of the breach, the company failed to disclose its extent within 72 hours, as required by the GDPR: it took Yahoo nearly 3 years to acknowledge the full extent of the breaches. Taking into account the GDPR’s guidelines for fines, Yahoo would have faced financial fines of $80 million to $160 million, with revenues in excess of $4 billion for 2012.
# 2. eBay: £10 million to £20 million GDPR fine
The personal data breach that occurred in 2014 resulted in the compromise of information such as names, addresses, dates of birth and passwords of 145 million eBay customers. Although the company notified users in a relatively short period of time, it still took more than 72 hours. In addition to reputational damage and criticism over the lack of communication, eBay would have qualified for a fine of £10 million to £20 million if GDPR had been in place. The company’s 2013 turnover was $6.6 billion.
What to do in 2019 to avoid fines?
Fines for GDPR non-compliance extend far beyond data breaches and data security, and companies of any size should be prepared and have all documentation in place to demonstrate compliance with the new law. We assume you are already aware of