H&M has been hit with a $40m GDPR fine for illegally surveilling employees in Germany.
GDPR is not just something else an organisation needs to comply with, but rather benefit from the behaviours GDPR is designed to encourage. Organisations shouldn’t view regulation such as this as a burden and start to view it through the lens of their customers, partners, or employees. If someone trusts you with their data, you owe it to them to be completely honest about what data you are collecting and to protect it, know exactly how (and where) it is stored, and who can access that data.
Many organisations are having to pay penalties for such data breaches and it is only afterwards that the true cost of a breach is realised and those previously perceived potential savings from not investing in security and data management solutions is trivial compared to the significant financial penalties. Furthermore, it is often the case that the damage to the organisation’s reputation and branding dwarfs the fine imposed.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics