alt Hacker News> I don’t understand why any company would want the liability of holding on to any personal data if it wasn’t vital to the operations of the business, considering all the data breaches we’ve seen over the past decade or so.
They're OK with the liability exactly because of this very sentence. As you said, there's so many data breaches... so where are the company-ending fines and managers/execs going to prison?
Replies
GDPR has fines:
Up to EUR 10,000,000 or up to 2% of the total worldwide annual turnover of the preceding financial year, whichever is higher; applies to infringements such as controller and processor obligations, security of processing, record-keeping, and breach notification duties.
Up to EUR 20,000,000 or up to 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher; applies to infringements of basic principles for processing, data subjects’ rights, and unlawful transfers of personal data to third countries or international organisations.
Here in Japan the government cracks down on it hard. There are fines for every n users exposed and in extreme cases a company can be forced to stop trading for a period of days or weeks. Companies are so scared of this happening to them that a significant portion of orientation for new employees is spent on it. I don't have stats on how effective it is, but I do know that the public is less willing to accept it as they tend to elsewhere.