This is the question businesses need to be asking themselves when it comes to GDPR compliance. Under the GDPR it is mandatory to report a data breach to the Data Protection Authorities within 72 hours of becoming aware of it. The DPAs then have a responsibility to investigate each breach. If they find the business has failed to put reasonable measures in place to be able to demonstrate compliant processes and avoid some of the most common breaches, then they will have to issue an enforcement.
Whilst everyone has been talking about the significant fines that can be enforced under the GDPR, the Irish Data Protection Commissioner Helen Dixon has warned that “DPAs have the ability under the EU General Data Protection Regulation to order companies to cease all processing when necessary. This remedy, she stated, may be used more frequently than the infamous administrative fines of up to 4 percent of global turnover. And it may be just as devastating to organizations, if not more so.” [See full article here.]
For many organisations, such as outsourced services, payroll, financial companies and marketing, to name a few, being ordered to “cease all processing” would mean shutting down their entire operations and could potentially put them out of business.
If you haven’t already, now is the time to make sure you are protected from the most common data breaches, such as emailing data to the incorrect recipients and not having adequate security measures, for example encryption, applied to sensitive data. For information on how Wizuda can help, see www.wizuda.com/gdpr-encrypted-email/