The EU’s General Data Protection Regulation was meant to finally bring into line organizations that didn’t treat Europeans’ personal data with respect. But two years after the regulation went into full effect, why have the U.K. and Ireland each issued only one final GDPR fine to date?
When GDPR went into full effect on May 25, 2018, so too did the bigger enforcement powers of EU member states’ privacy watchdogs. Organizations were given just 72 hours to alert regulators once they’d discovered a breach and to provide the particulars of what happened, when and how. Any organization that fails to notify regulators, or that had inadequate security controls in place for protecting personally identifiable information – whether or not it got breached – now faces the potential of steep fines.