Quotes Icon

Andrew M.

Andrew M.

オペレーション担当副社長

"私たちは小規模な非営利団体のためにTeamPasswordを使用していますが、私たちのニーズにうまく対応しています。"

今すぐ始める

Table Of Contents

    GDPR: was it really a big deal?

    GDPR: was it really a big deal?

    March 2, 20215 min read

    Cybersecurity

    It’s been almost three years since the GDPR took effect. Now that the initial uncertainty about it has started to clear up, many are asking: Was it a big deal?

    This blog entry explains why the GDPR is definitely a huge deal. GDPR not only imposes strict requirements and hefty fines. It also massively impacts how businesses manage data security and avoid data breaches.

    TeamPassword helps you take the needed steps to stay GDPR-compliant. We provide cyber-security tools and expertise for protecting your organization’s data. Shield your information from data breaches, sign up for a free 14-day trial today.

    Table of Contents

      GDPR and DATA Security

      The EU’s General Data Protection Regulation (GDPR) lays down rules on how companies should handle the personal data they collect from EU citizens and residents. Among other things, it outlines strict responsibilities and requirements to ensure organizations keep consumer’s data private and protected.

      These data security provisions cover areas such as implementing data protection protocols and roles, adopting a privacy-by-design approach throughout the organization, and mitigating data breaches. This gives the GDPR its reputation as the world’s toughest data privacy and security law.

      An even more crucial GDPR component is the costly fines and penalties it imposes on businesses for noncompliance. Depending on the severity of the violation, fines can reach up to €20 million or 4% of annual revenue, whichever is higher.

      Put simply, the GDPR makes it a very expensive mistake for businesses to skimp on data security.

      Cost of Non-compliance

      Just how much do data security violations cost businesses under the GDPR? This depends on various factors, but the overall trends show that data security infringements have so far been a major source of GDPR fines.

      At the time of writing, the GDPR Enforcement Tracker reports a total of €275 million in fines levied since enforcement. Of this amount, €64 million comes from fines for “insufficient technical and organisational measures to ensure information security” (the second biggest category in the list).

      In addition, four out of the five largest GDPR fines ever imposed have involved some form of data security violation (although the fines also included other non-compliance issues):

      • H&M: €35.2 million (an error that left a network drive unprotected)
      • TIM: €27.8 million (broad set of GDPR violations including data breaches)
      • British Airways: €22 million (phishing websites hijacked site traffic)
      • Marriott International: €20 million (cyber-attack that compromised user data including 31 million EU residents)

      This clearly indicates that regulators are very serious about going after businesses that don’t adequately protect consumer data.

      Comparing GDPR Fines With Other Data Privacy Regulations

      To see how GDPR stacks up against similar data protection laws, here’s a quick comparison of the fines imposed by other GDPR-like regulations:

      Regulation

      Jurisdiction

          Maximum Fines

      California Consumer Privacy Act (CCPA)

      California

        Civil penalties of $7,500/violation, statutory damages of $750/consumer/incident

      Data Protection Act (DPA)

      UK

        £17.5 million or 4% of global revenue

      Digital Charter Implementation Act

      Canada

        CAD25 million or 5% of global revenue

      Privacy Act

      Australia

        AUD1.8 million

      Act on Protection of Personal Information

      Japan

        ¥100 million

      Personal Data Protection Law

      China

        CNY50 million

      Lei Geral de Proteçao de Dados (LGPD)

      Brazil

        R$50 million

      So, Is GDPR A Big Deal?

      With strict responsibilities and steep penalties it places on businesses, the GDPR is a huge deal. But is it a big deal for your company, too? If you collect or process EU citizens’ and residents’ personal data, then it absolutely is.

      As we’ve seen, data security makes up a critical part of GDPR compliance. In particular, it requires businesses to:

      • Implement proper organizational and technical measures to protect personal data
      • Assess how business decisions impact data protection
      • Track data breaches and promptly notify affected parties
      • Train employees on keeping data secure

      In terms of how big a liability you’ll face for data infringements, regulators take various data security factors into account when calculating GDPR fines:

      • The size and duration of the breach
      • Type of data compromised
      • Whether intent or negligence is involved
      • Prevention and mitigation steps taken
      • Record of past data breaches

      Finally, as more GDPR-like regulations take effect, you’re bound to be governed by other data privacy laws at some point. Becoming GDPR-compliant helps you stay ahead at meeting similar regulations down the road. That makes GDPR quite a big deal for everyone.

      Conclusion

      In this post, you’ve seen what GDPR means for data security and why it’s a big deal for every business right now. The big takeaway is that GDPR mandates a data-privacy-by-design mindset which, in turn, needs robust data protection mechanisms in place.

      That’s where TeamPassword can help. We give you tools to easily manage passwords across your organization so that data stays secure. Give it a try with a free 14-day trial today.

      パスワードの安全性を高める

      パスワードを生成し、正しく管理させるための最適なソフトウェア

      TeamPassword Screenshot
      facebook social icon
      twitter social icon
      linkedin social icon
      関連記事
      Why Do Hackers Want Your Email Address?

      Cybersecurity

      November 21, 202413 min read

      What Can Hackers Do with your Email Address?

      Email is used for password resets, 2FA authorization, and other identity verification. Learn how hackers exploit yours and ...

      Employees standing around computer discussing code

      Cybersecurity

      November 15, 202410 min read

      Creating a Company Culture for Security | 5 Actionable Insights

      Security is both a technical and cultural issue. Employees who value and promote security will prevent cyberattacks, protect ...

      username and password in green lettering

      Cybersecurity

      November 14, 202413 min read

      What Is Password Management? [Complete Guide]

      What is password management? Learn how to effectively manage your passwords with these best practices, tools, and more. ...

      最新情報をお見逃しなく!

      このような投稿をもっと読みたい方は、ブログを購読してください。

      Promotional image