The Cyberspace Administration of China said it fined Didi 8.026 billion yuan ($1.19 billion) after deciding the company violated China’s network security law, data security law, and personal information protection law.
“This case tellingly illustrates that governments all around the globe finally start taking data protection and privacy seriously. This trend is clearly visible not only in developed Western countries, which set the tone with GDPR back in 2016, but in many developing countries in Latin America, Africa and Asia. Importantly, the growing number of regulations increasingly impose personal liability upon corporate executives for a failure to implement and supervise an adequate data protection strategy at their company. We shall expect higher fines both for non-compliant companies and their executives, whilst the latter will not necessarily be covered by corporate insurance due to the novelty of the issue. Ongoing risk and threats assessment, privacy impact audits and implementation of a systemized, risk-based and process-driven data protection strategy is the only way for executives to avoid facing harsh monetary penalties or even a personal bankruptcy.”
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics