How one company lost £42 million, and what it means to be GDPR compliant.
With the constant stream of sound bites surrounding GDPR, one could be forgiven for assuming that most companies would have taken care to update their privacy policies and inform their customers about the transition.
Shockingly, according to an ISACA survey, not only are most companies unprepared, but only around half of the companies surveyed (52 percent) expect to be compliant by the end of 2018, and 31 percent do not know when they will be fully compliant.
Let that sink in: roughly half of companies do not even expect to comply with the General Data Protection Regulation (GDPR) until the end of 2018, which means that, as of this very moment, most of them are not compliant.
Some of the biggest tech and social media giants, including Google, Facebook, Instagram and WhatsApp, have already been hit with complaints and lawsuits for violating the GDPR, which came into force on May 25, 2018.
If a violation is established, EU regulators can impose fines of up to 4% of global annual turnover, numbers that could easily run into the billions.
In 2015, TalkTalk, a British telecom company, failed to store customer data securely. In the aftermath of the data loss caused by a cyber attack, the company was not only fined around £400,000 by British regulators, it also lost more than 100,000 customers and an estimated £42 million.
Such instances of data breach or data mishandling show the devastating impact of under-preparedness: lost revenue, a dwindling customer base, negative publicity and heavy regulatory fines, enough to bring any company to its knees.
India, with an active user base of 240 million, was Facebook's largest audience country. In the wake of the Facebook-Cambridge Analytica scandal, Facebook revealed that the personal data of 562,455 Indian users may have been improperly shared.
What was the effect of this revelation?
Velocity MR, a market research company, released a survey which found that after the Facebook data scandal, 24% of users started sharing "a lot less" data, while 7% stopped sharing data altogether.
Let's take a moment here and do some quick back-of-the-envelope math on what this might have cost Facebook.
7% of 240 million works out to 16.8 million people who stopped sharing data on Facebook. Losing roughly 17 million users is comparable to Facebook shutting down operations in both Sweden and Austria.
That's a lot of advertising money going down the drain.
On top of this, CEO Mark Zuckerberg had to endure negative publicity and televised grillings by legislators on both sides of the Atlantic.
Even with the latest complaints over GDPR non-compliance, Facebook, with its deep pockets, could survive another round of lost advertising revenue and regulatory fines.
But honestly, how many businesses can afford incidents like this?
A study by Ensighten suggested that one reason firms seem unprepared for GDPR could be a lack of consensus over who is responsible for data protection within a business, and how to go about it. So what should be the first step?
Ryan Wain, chief marketing officer at Unlimited Group, advised decision makers to undertake a full audit on data held by a business.
He added: “Possibly the most important consideration is to avoid viewing GDPR compliance as a process with a hard and fast endpoint. Rather, it will be an on-going journey as you gather and process new data moving forward.”
It’s time to be GDPR compliant
For more than 15 years, we have been helping companies make smart decisions using data analytics. Now, we are also helping small and medium-sized businesses stay compliant with the GDPR.
The GDPR runs to 11 chapters and 173 recitals and, let's face it, who has the time to sit down and pore over the contents with a magnifying glass?
The good news is that we have you covered. Here are 3 things that you should absolutely know.
- Geographical scope: Businesses established in the EU are subject to GDPR, even if the data they process is stored or processed outside the EU. The reverse is also true. If you process the personal data of people in the EU (either to offer them goods and services, or to monitor behaviour taking place in the EU), it doesn't matter where you're based or where you process the data. You still have to comply with GDPR. Note that the test is whether the data subjects are in the EU, not whether they are EU citizens.
- Greater penalties for non-compliance: The maximum fine for non-compliance with GDPR is up to 4% of annual global turnover or 20 million euros, whichever is greater.
- Valid consent required: Consent is one of several lawful bases for processing, but where you rely on it, it must be freely given, specific, informed and unambiguous, and obtained before you process a person's data. You also have to disclose the purpose of the processing, and withdrawing consent must be as easy as giving it. For special categories of data (such as health or biometric data), explicit consent is required.
Here's a quick 3-minute guide to how GDPR affects your business.
For a one-time fee of just €395, OpenTracker's Quick-scan Analysis performs a thorough data audit, helps you identify non-compliant features and helps you avoid the danger of expensive regulatory fines.
With an expert team at your disposal, we can help you identify the loopholes and shortcomings in your company's present data handling regime, assess how prepared your business is to deal with the GDPR provisions, and chart out a custom plan to help your business become and stay GDPR compliant.
We have already helped hundreds of companies with GDPR-compliance. Have any questions? Why not ask? We would love to hear from you.