The post-GDPR landscape has been reported on extensively, from how to plan for it to the financial fallout.
It is important to ready the organisation for the GDPR storm and to understand just how much the regulatory landscape is going to change, particularly in terms of the fines that can be incurred. The stakes are high.
According to a government survey, in 2015, 90% of large organisations and 74% of SMEs reported suffering a security breach, leading to an estimated total of £1.4 billion in regulatory fines.
This is a drop in the ocean compared with what is coming post-GDPR, according to the PCI Security Standards Council.
From 2018, the new EU legislation will allow regulatory fines of up to 4% of global annual turnover (or €20 million, whichever is higher), far exceeding the current UK maximum of £500,000.
Under this new EU-wide provision, regulatory fines for cyber security breaches could rise to £70 billion for large firms and £52 billion for SMEs.
For large organisations this represents a 130-fold increase, or an average fine of £11 million per organisation.
Regulatory fines for SMEs could see a 60-fold increase, averaging £13,000 per SME.
Significantly, if cyber security breaches remain at 2015 levels, the total fines paid to regulators could see a near 90-fold increase, from £1.4 billion in 2015 to £122 billion.
Jeremy King, International Director at PCI Security Standards Council, commented: “The new EU legislation will be an absolute game-changer for both large organisations and SMEs. The regulator will be able to impose a stratospheric rise in penalties for security breaches, and it remains to be seen whether businesses facing these fines will be able to shoulder the costs.”
“Companies, both large and small, need to act now and start putting in place robust standards and procedures to counter the cybersecurity threat, or face the prospect of paying astronomical costs in regulatory fines and reputational harm to their brand.”