Just when you thought the GDPR was last year's news, the UK Information Commissioner's Office have warned British Airways they intend to fine them £183 million for breaching data on ½ million customers.
Unfortunately (from what I've read), the GDPR places an unreasonable burden on very small entities, but many of the huge data leaks of recent times either border on or are Waaay over the line of lacking reasonable care and effort.
Still, fining non-people (corporations) isn't nearly as good as holding Real People responsible.
My experience is exactly the opposite. I spent quite a bit of time in the run-up to the introduction of GDPR advising clients. Most were clear of any problems (in an Internet sense), except where they were using third-party services, e.g. Google Analytics.
The problem, as always, is in micro orgs where the one person is responsible for human resources, tax, accounting, marketing, .... and GDPR. GDPR in itself isn't hard, but when added to all the other responsibilities.
@fitheach If so, then the large outfits have exactly zero excuse for being out of compliance.
What happened to BA is a bit different. It would appear they were dealing with sensitive customer data and didn't take sufficient care. The Info Commissioner warned that examples would be made of companies that were slack.
@fitheach This was my point earlier - many don't even seem to be trying weakly to safeguard private data. Slack is a good word for it. Lax is another. Wilfully negligent to save money?
Marriott affected 500 million people including millions of passport numbers and CCs.
Equifax was insanely incompetent. *After* the hack, Equifax directed customers to a fake security website that was a phishing scam. Next, pages on their website redirected to a fake Flash update which contained malware! & lied..