Over 160,000 data-breach notifications have been made to authorities in the 18 months since Europe’s new digital privacy regulation, GDPR, came into force. The number of breaches and other security incidents reported each day continues to rise, and the number of significant fines is set to follow.
European data protection authorities have received more than 160,000 data-breach notifications since GDPR came into force in May 2018 https://t.co/DIRyA6qzip
— Computing.co.uk (@Computing_News) January 20, 2020
One should bear in mind that the GDPR’s formidable fine of 4% of annual revenue is reserved for the most flagrant (e.g. systematic, reckless or willful) violations of the law. Otherwise, fined companies may simply go out of business and consequently increase unemployment, reduce social welfare and undermine the economy. European courts are well aware of these ramifications and will likely remain reasonable and prudent when imposing fines. Cooperation, transparency, remediation and compensation to the victims are all to be considered when imposing a monetary fine under GDPR. Ultimately, an excessive or disproportionately harsh fine can always be disputed on appeal, and possibly reduced or even cancelled.