Filter by Category

The Cost of Not Being GDPR Compliant

Being GDPR compliant is proving difficult for some businesses in Europe.

European data protection authorities have received hundreds of thousands of data breach reports since the EU’s GDPR came into effect. From there, they have imposed fines in the hundreds of millions of euros for a variety of privacy regulation infringements. The rise of data breaches during COVID-19 will likely lead to further fines as businesses strive to protect their employees and data as they work from home.

A Quick GDPR Recap

The European Union’s General Data Protection Regulation (GDPR) came into effect in May of 2018 as a replacement to the EU Data Protection Directive. The GDPR bolsters and protects the rights of data subjects by outlining what individuals can expect from organizations that collect their data. The GDPR further outlines how organizations must protect personal data during collection, storage, and disposal.

Organizations must comply with the GDPR if they fall into one or more of the following categories:

  • Have at least one location within the EU
  • Process or store data about residents of the EU
  • Use third party services that process or store information about individuals who reside in the EU

Iceland, Liechtenstein, and Norway comply with GDPR regulations alongside the 28 EU member states of the EU (Britain must also comply with the GDPR until they leave the EU at the end of 2020). While organizations have control over the steps they can take to protect data during intake, storage, and destruction, they’re still vulnerable to data breaches.

The Cost of Not Being GDPR Compliant

Not Meeting GDPR Privacy Regulations

Organizations to which the GDPR applies can be fined up to 4 percent of their annual global revenue or €20 million ($22 million), whichever is greater, for violating the privacy regulation. Further, they face sanctions that could limit their ability to conduct business as usual, including losing the ability to process personal data.

Failing to Report and Alert

Once a breach of personal data is discovered, organizations must alert data protection authorities within 72 hours. Failing to meet reporting requirements can also incur fines of 2% of annual global revenue or €10 million ($11 million), whichever is greater. The fines also apply to organizations that do not have proper security measures in place.

GDPR Compliance Fines

As Bank Info Security noted in January, the GDPR is still new and the fines data protection authorities are imposing are low compared to what they could be, not to mention inconsistent across countries. Experts assume (and hope) that, as data protection authorities and regulators become more familiar with both data privacy violations and breaches, fine amounts may rise and become more consistent across the EU.

Recent fines have included:

  • France – Google – €50 million
  • England – British Airways – £183 million
  • Germany – AOK Aden-Württemberg – €1.2 million
  • Croatia – Unidentified bank – €20 million
  • Italy – TIM SpA – €27.8 million

Organizations that end up being reported, investigated, and fined for non-compliance tend to be processing too much personal data, leaving their data unsecured, or both.

How to Ensure GDPR Compliance

Protecting the personal data your organization processes doesn’t have to be difficult. With controls in place, as well as organizational policies, you can fully enforce and ensure compliance from the top down:

  • Create a procedure to quickly locate and delete personal data about a person
  • Simplify your method of safely disposing of customer information when requested to do so
  • Ensure you can appropriately audit your records to find all personal data, including any external companies you’ve shared information with

Related Reading: Need Help with GDPR Compliance? 3 Simple Steps to Take Now

One way to meet several data privacy requirements at once – safeguards, audit trails, storage, and limited access – is with a managed file transfer (MFT) solution. MFT protects files both at rest and in transit, and takes on the heavy lifting of any custom programming and scripting used for file transfers.

GoAnywhere MFT helps organizations meet data privacy requirements like GDPR by providing an auditable solution with secure file transfers, encryption, secure file sharing and collaboration, and granular user permissions.

How to Protect Your Data and Prevent a Data Breach

For some organizations, the changes needed to comply with the GDPR drastically altered how data was processed and protected. While it has been in effect for two over two years, organizations are still working out what works best for them from a cybersecurity standpoint.

While there is no failsafe way to prevent a data breach, ensuring your data is secure during transfers and at rest, having insight into how users interact with your files, and centralized control over file transfers is a good start. GoAnywhere Managed File Transfer can help you to comply with the GDPR and protect your organization against a breach.

Schedule a Demo

Related Posts


GDPR and Data Privacy after Brexit: What’s Next?

So, the GDPR (General Data Protection Regulation) hit us with a bang in May 2018 and aside from a few high-profile fines, companies seem to be coping well on the whole. But is that really what’s…


Meeting GDPR Requirements Using Managed File Transfer

The General Data Protection Regulation (GDPR) is set to replace the Data Protection Directive in the EU on May 25, 2018. At this time, and long afterward, organizations that aren’t found compliant…


How a Data Security Breach Puts Your Organization at Risk

Data breaches are, unfortunately for organizations everywhere, becoming likely events rather than worst-case scenarios, as more and more organizations are learning. There are a variety of safeguards…


How to Help Ensure Compliance with Data Privacy Laws

How to Help Ensure Compliance with Data Privacy LawsIf complying with data privacy laws like the GDPR, PDPA, CPA, HIPAA, PCI DSS, PIPEDA, and more sometimes feels like swimming in alphabet soup,…


Key Cybersecurity Takeaways from the EasyJet Data Breach

A data breach can wreak financial and logistical havoc for companies who experience them, not to mention customers, employees, and others who depend on or work with the breached organization. And…