
Er..no.

I mean, yes, that's what it used to be, pre-GDPR.

With GDPR, the data protection agencies have grown teeth. And fangs. And claws and talons.

GDPR enforcement is young, and the goal is compliance, not maximum fines. So depending on the offence and the offender, they start with a warning or a small fine. This will ratchet up and the maximum is € 10 million or 2% of the previous year's annual revenue (not profit), whichever is greater!

Microsoft's annual revenue for FY 2022 (I guess they are early) was almost $200 Billion. So the fine for them could be $4 billion. Yes, that's noticeable and not something you want to explain to your shareholders.

And of course this seems to apply to their customers, for whom margins tend to be tighter, and for whom IT is not their main business, but an operating expense in the first place. For example, Volkswagen has an operating profit of around 6-7%. So 2% of revenue is around a third of their profit. And also around a third of their entire R&D budget. Yeah, compliance is the cheaper option by far.




This.

There were plenty of EU countries with privacy laws. The laws were all ignored by all but the largest companies in the country. Getting FAANG to take note of local law was basically impossible.

On paper, the GDPR is weaker than what it replaced in my country. I lost some privacy rights with the GDPR, and gained some bureaucracy if I want my rights enforced. In practice, the GDPR gets some following, even outside the EU. It has teeth.



