GDPR Fines: So Now We Know
In the past few days, Marriott and BA were both hit with $100M+ fines for breaches. While both are going to appeal, the benchmark has been set, and we now know that the regulators are serious about enforcement. One interesting fact – if the reports are accurate, Marriott is being fined under the GDPR, while the breach occurred before it went into effect. That certainly changes the risk equation, as retroactive security is, alas, still beyond our ability today. I suspect we’ll see a similar seriousness with CCPA (the new California regulation), though those costs will include consumer litigation as well.