The Cost of Not Being GDPR Compliant

Being GDPR compliant is proving difficult for some businesses in Europe.

European data protection authorities have received hundreds of thousands of data breach reports since the EU’s GDPR came into effect. From there, they have imposed fines in the hundreds of millions of euros for a variety of privacy regulation infringements. The rise of data breaches during COVID-19 will likely lead to further fines as businesses strive to protect their employees and data as they work from home.

A Quick GDPR Recap

The European Union’s General Data Protection Regulation (GDPR) came into effect in May of 2018 as a replacement to the EU Data Protection Directive. The GDPR bolsters and protects the rights of data subjects by outlining what individuals can expect from organizations that collect their data. The GDPR further outlines how organizations must protect personal data during collection, storage, and disposal.

Organizations must comply with the GDPR if they fall into one or more of the following categories:

  • Have at least one location within the EU
  • Process or store data about residents of the EU
  • Use third party services that process or store information about individuals who reside in the EU

Iceland, Liechtenstein, and Norway comply with GDPR regulations alongside the 28 EU member states (Britain must also comply with the GDPR until it leaves the EU at the end of 2020). While organizations control the steps they take to protect data during intake, storage, and destruction, they remain vulnerable to data breaches.

The Cost of Not Being GDPR Compliant

Not Meeting GDPR Privacy Regulations

Organizations to which the GDPR applies can be fined up to 4 percent of their annual global revenue or €20 million ($22 million), whichever is greater, for violating the privacy regulation. Further, they face sanctions that could limit their ability to conduct business as usual, including losing the ability to process personal data.

Failing to Report and Alert

Once a breach of personal data is discovered, organizations must alert data protection authorities within 72 hours. Failing to meet reporting requirements can also incur fines of 2% of annual global revenue or €10 million ($11 million), whichever is greater. The fines also apply to organizations that do not have proper security measures in place.

GDPR Compliance Fines

As Bank Info Security noted in January, the GDPR is still new and the fines data protection authorities are imposing are low compared to what they could be, not to mention inconsistent across countries. Experts assume (and hope) that, as data protection authorities and regulators become more familiar with both data privacy violations and breaches, fine amounts may rise and become more consistent across the EU.

Recent fines have included:

  • France – Google – €50 million
  • England – British Airways – £183 million
  • Germany – AOK Baden-Württemberg – €1.2 million
  • Croatia – Unidentified bank – €20 million
  • Italy – TIM SpA – €27.8 million

Organizations that end up being reported, investigated, and fined for non-compliance tend to be processing too much personal data, leaving their data unsecured, or both.

How to Ensure GDPR Compliance

Protecting the personal data your organization processes doesn’t have to be difficult. With controls in place, as well as organizational policies, you can fully enforce and ensure compliance from the top down:

  • Create a procedure to quickly locate and delete personal data about a person
  • Simplify your method of safely disposing of customer information when requested to do so
  • Ensure you can appropriately audit your records to find all personal data, including any external companies you’ve shared information with

One way to meet several data privacy requirements at once – safeguards, audit trails, storage, and limited access – is with a managed file transfer (MFT) solution. MFT protects files both at rest and in transit, and takes on the heavy lifting of any custom programming and scripting used for file transfers.

GoAnywhere MFT helps organizations meet data privacy requirements like GDPR by providing an auditable solution with secure file transfers, encryption, secure file sharing and collaboration, and granular user permissions.

How to Protect Your Data and Prevent a Data Breach

For some organizations, the changes needed to comply with the GDPR drastically altered how data was processed and protected. While the regulation has been in effect for over two years, organizations are still working out what works best for them from a cybersecurity standpoint.

While there is no failsafe way to prevent a data breach, a good start is to ensure your data is secure in transit and at rest, to have insight into how users interact with your files, and to keep centralized control over file transfers. GoAnywhere Managed File Transfer can help you comply with the GDPR and protect your organization against a breach.
