24 Nov Companies Struck by Data Breaches Can Expect Heavy Fines in EU
The recent data breach disclosure by Uber has brought attention to provisions in the GDPR which state that public and private companies operating in the EU will be subject to fines should they fail to report breaches that involve personal data.
The penalties can go up to 2% of global annual revenue or €10 million ($11.77 million), whichever is higher. Companies caught processing personal data without consent will face fines of up to 4% of global annual revenue or €20 million, whichever is higher.
Laura Jehl, a partner at Baker & Hostetler LLP, said that Uber may potentially incur the maximum fine since the company waited for a year before disclosing the breach.