Feb 05, 2019
Even as organisations grapple with privacy regulations such as the General Data Protection Regulation (GDPR) and the ensuing California Consumer Privacy Act (CCPA), there’s uncertainty about the true nature of the financial risks they pose.
GDPR in theory could carry fines of up to four percent of global sales, but whether sanctions of this severity will truly be levied is a common question among large organisations. Some would even contend it makes sense to wait and see what regulators do before spending money on privacy initiatives.
Such lines of reasoning miss a few crucial points. Given the potential magnitude of the sanctions, regardless of their likelihood, top management, including the board of directors, is now on notice as fiduciaries. They should have a very clear answer as to what the organisation is doing to mitigate the risk.
Moreover, as new privacy regulations continue to be developed, what steps are they taking to prepare their organisation for this new landscape? They have a fiduciary responsibility to ensure proper measures are taken to prevent severe fines and avoid reputational damage.
No one wants to be made the poster boy on a privacy breach and consequent fines. It should also be noted that the usual risk-deflection method of insuring away the risk is not available. In that sense, regulatory compliance is no longer business as usual, and neither is privacy.
Please visit SC Magazine to read the full story.