The High Cost of Data Protection Breaches

In our last article, we took a quick look at how the differing robustness of data protection laws around the world can potentially cause significant issues for global mobility professionals handling relocations. Although conforming to the complex and changing global regulatory environment can be challenging, there is a real potential of serious penalties across the world for those who do not adhere to the often-strict regulations surrounding data protection. As both legal requirements and the type of sanction vary from country-to-country, it can be hard to know where you stand.

Careless Talk Costs Careers

The European Union (EU) is the only global organisation that had made any real headway in pushing for a globally unified set of regulations to cover data protection, with other countries passing their own, sometimes wholly ineffective and inadequate, laws. The various penalties doled out by different countries around the world include fines, imprisonment, business suspension and business prohibition (see the map below).

For global mobility managers, this means that complacency around matters of data protection can hold serious consequences for you and your business. Not only do you need to keep an eye on the needs of your clients while juggling various destination service providers, but the personal data sent out to these has to be monitored carefully. Full processes must be developed to ensure that there are no unintentional breaches of data security, while still providing people with the information they require to complete their duties successfully.

Although financial penalties are the most common type of sanction handed out by governments to businesses that do not adhere to the correct data protection procedures, in some locations, they are relatively minor, and may not amount to much more than a symbolic slap on the wrist. It is the implementation of other punishments that could indeed bring grave consequences for you and your company, should you run afoul of the regulations.

Imprisonment can be a real risk in 25 of the 80 countries we looked at, which is clearly a critical result in itself. In addition to fines and incarceration, many countries threaten business suspension and business prohibition. The latter of these should serve as a special warning to entrepreneurs, as a prohibitory strike for a data protection offence could be the end of their career as a business owner. After all, when a court issues a business prohibition, the individual in question will no longer be allowed to found, run or be on the executive board of any company.

“A key issue for global mobility professionals can be successfully navigating the complex regulatory environment that has evolved around the protection of personal data in the past 10 to 15 years. The penalties that can occur from a major slip-up in this area are serious and potentially career-ending. This is particularly challenging when handling a relocation process where data needs to flow across multiple countries.”

Sebastien Deschamps, CEO and co-Founder of assignment management software ReloTalent.

As for larger businesses, a major infraction of data protection policy in many countries could leave to the suspension and even termination of the firm. Often business suspension could just mean a temporary stoppage, perhaps while an audit of your company’s data protection procedures is carried out and any subsequent changes are performed. Regardless, a significant legal blemish such as this is something that all of us should be aiming to avoid.

Can You Afford the Cost?

Although some of the other penalties offer more direct problems for those who run afoul of data protection laws across the globe, the hefty recompense companies may be required to provide in the form of a financial penalty should be a major cause for concern. As previously mentioned, some countries only demand relatively small fines – such as Russia who have a maximum fine of just US$1,260. Other countries, however, take this form of punishment much more seriously (see our map below).

Compared to Russia’s relatively insignificant maximum financial penalty, in 2010 the United States’ Federal Trade Commission fined Lifelock, an identity protection company, US$100 million for violating a previous order. Huge fines like this are becoming more and more probable as countries around the world introduce new regulations and bolster existing ones to increase personal data security. Although some conglomerate firms would be able to absorb this cost with little thought, for the majority of companies, a fine like this would be a death sentence.

With the introduction of General Data Protection Regulation by the EU, fines of over US$20 million, or 5% of a company’s worldwide turnover, a whole swathe of states will be able to punish negligence in the realms of data protection like never before. Ensure that you do not get left behind and become at risk, as nations across the globe scramble to meet the new EU requirements, and this already rapidly changing environment begins to evolve at an even faster rate.

SOURCES:

Data on penalties for breaching data protection laws around the world was taken from the DLA Piper Data Protection comparison site, or the relevant governmental websites.