Written by

Bernard Marr

Bernard Marr is a world-renowned futurist, influencer and thought leader in the fields of business and technology, with a passion for using technology for the good of humanity. He is a best-selling author of over 20 books, writes a regular column for Forbes and advises and coaches many of the world’s best-known organisations. He has a combined following of 4 million people across his social media channels and newsletters and was ranked by LinkedIn as one of the top 5 business influencers in the world.

Bernard’s latest books are ‘Future Skills’, ‘The Future Internet’, ‘Business Trends in Practice’ and ‘Generative AI in Practice’.

Generative AI Book Launch
View My Latest Books

Follow Me

Bernard Marr ist ein weltbekannter Futurist, Influencer und Vordenker in den Bereichen Wirtschaft und Technologie mit einer Leidenschaft für den Einsatz von Technologie zum Wohle der Menschheit. Er ist Bestsellerautor von 20 Büchern, schreibt eine regelmäßige Kolumne für Forbes und berät und coacht viele der weltweit bekanntesten Organisationen. Er hat über 2 Millionen Social-Media-Follower, 1 Million Newsletter-Abonnenten und wurde von LinkedIn als einer der Top-5-Business-Influencer der Welt und von Xing als Top Mind 2021 ausgezeichnet.

Bernards neueste Bücher sind ‘Künstliche Intelligenz im Unternehmen: Innovative Anwendungen in 50 Erfolgreichen Unternehmen’

View Latest Book

Follow Me

GDPR: The Biggest Data Breaches And The Shocking Fines (That Would Have Been)

2 July 2021

Data is breached every single day but most of these breaches don’t make headlines. When the European Union’s General Data Protection Regulation (GDPR) came into effect May 25, 2018, many companies who experience a significant data breach won’t just be dealing with a public relations snafu and financial strain brought on by the breach, but will also face large fines mandated by the regulation. To get a sense for what the GDPR means for companies, we will review a few of the world’s largest data breaches and the implications if GDPR penalties would have been in place at the time of the breach.    

GDPR Overview

The European Parliament approved the GDPR in 2016 with the intent of consolidating data privacy laws across Europe and to protect EU citizens’ privacy in an increasingly data-driven world. The GDPR covers ALL companies who process the personal data of those in the EU regardless of where the company is located. In addition, penalties for a breach are serious for both data controllers and processors. Companies must use clear language to obtain authorization from an individual to use their data. No smoke and mirrors or confusing legalese is allowed. Companies must also notify individuals that their data was potentially compromised within 72 hours of realising a data breach occurred; data processors are also required to notify their customers “without undue delay.” Additional requirements make it easier for individuals to learn how their data is going to be used and processed, request data erasure and receive the personal data that organisations collect.  

And then there are the substantial fines and penalties mandated by GDPR for non-compliance with the regulation. There are two tiers of fines: Up to 10 million pounds or 2% of annual global turnover (revenue) of the previous year, whichever is higher and up to 20 million pounds or 4% of annual global turnover, whichever is greater. It is expected that breaches of data subjects’ rights will result in the higher level fine, although many factors will help determine the actual fine including the duration and gravity of the infringement and the types of personal data affected. The level of cooperation and behaviour of the organisation will also play a role in influencing the final fines.

Data Breaches and the Impact of GDPR

Let’s take a look at some of the largest data breaches that have occurred and use them to illustrate how GDPR would have impacted the companies if it had been in effect at the time of the breach. 

Yahoo

At the time that 3 billion user accounts had been breached at Yahoo in 2013-2014, it represented the largest data breach in history. Not only was the scope significant, the company didn’t disclose the breadth of the breach within 72 hours like the GDPR requires; in fact, it took them until October 2017 to fully acknowledge the extent of multiple breaches that occurred in 2013-2014. With revenue in excess of $4 billion for 2012, Yahoo would have faced millions of dollars in fines if GDPR would have been in place—$80 million but potentially as much as $160 million depending on the variable factors of GDPR including the culpability of the company and how cooperative they were.

eBay

Even though the time between eBay discovering its data breach that impacted 145 million eBay users in 2014 and notification to consumers was relatively short—the breach was discovered in early May, but the company notified its users later in the month—it still wasn’t within the 72-hour requirement of GDPR. Although names, addresses, date of birth and passwords were compromised, the financial information remained secure. At the time, the company was criticised for the lack of communication and trouble with its password-renewal process, but ultimately, since the financial info wasn’t compromised, it could mean the fines would have been lower. It’s turnover for 2013 was $6.6 billion, so they wouldn’t have qualified for the lower 10 or 20 million pounds fine.

Equifax

As one of the largest cyberattacks of 2017 (that we know of so far), the personal information of 143 million consumers was compromised and an additional 209,000 also had their credit card data exposed when a breach was discovered in July. The company failed to meet the 72-hour notification requirement of the GDPR when they made the breach public in September. They did launch a website so consumers could cheque if their data had been compromised and offered credit monitoring for all U.S. Consumers, so they may have received high marks for their cooperation and action post breach; however, they would still qualify for the higher-level fine due to reporting $3.1 billion in revenue for 2016.

As these examples illustrate, companies will face grave consequences and fines when data breaches occur when GDPR goes into effect. The regulations are strict and all companies doing business in or with citizens of the EU need to be sure they have processes in place to meet the GDPR requirements now.


Business Trends In Practice | Bernard Marr
Business Trends In Practice | Bernard Marr

Related Articles

AI Gone Wild: How Grok-2 Is Pushing The Boundaries Of Ethics And Innovation

As AI continues to evolve at breakneck speed, Elon Musk's latest creation, Grok-2, is making waves in the tech world.[...]

Apple’s New AI Revolution: Why ‘Apple Intelligence’ Could Change Everything

Apple's announcement of 'Apple Intelligence' marks a seismic shift in how we interact with our devices.[...]

Why AI Models Are Collapsing And What It Means For The Future Of Technology

Artificial intelligence has revolutionized everything from customer service to content creation, giving us tools like ChatGPT and Google Gemini, which can generate human-like text or images with remarkable accuracy.[...]

Where Will Artificial Intelligence Take Us In The Future?

Just a few years back, if you had been told that by 2024, you would be able to have a conversation with a computer that would seem almost completely human, would you have believed it?[...]

AI: Overhyped Fantasy Or Truly The Next Industrial Revolution?

The term “fourth industrial revolution” has been used in recent years to describe the transformative impact that many believe AI and automation will have on human society.[...]

The World On Edge: 5 Global Mega Threats That Could Reshape Our Future

In an era of unprecedented global interconnectedness, humanity faces a perfect storm of challenges that threaten to reshape our world.[...]

Sign up to Stay in Touch!

Bernard Marr is a world-renowned futurist, influencer and thought leader in the fields of business and technology, with a passion for using technology for the good of humanity.

He is a best-selling author of over 20 books, writes a regular column for Forbes and advises and coaches many of the world’s best-known organisations.

He has a combined following of 4 million people across his social media channels and newsletters and was ranked by LinkedIn as one of the top 5 business influencers in the world.

Bernard’s latest book is ‘Generative AI in Practice’.

Sign Up Today

Social Media

0
Followers
0
Followers
0
Followers
0
Subscribers
0
Followers
0
Subscribers
0
Yearly Views
0
Readers

Podcasts

View Podcasts