Data protection is, and always will be, a question of risk management. However, with fines increasing under the General Data Protection Regulation (GDPR), the need for companies to manage their risks adequately has reached a new level. In this context, possible fines of 20 million euros or four percent of a company's total worldwide income are mentioned frequently. The risk increases further when (sensitive) customer data is involved.
In reality, the risk of processing customer data seems to be much lower than the GDPR's cap suggests. Fines do not even come close to the cap, and issuing warnings is more likely to be the standard tool of the supervisory authorities. So how high is the risk?
Analyzing this question is an important and critical task for every company. The analysis covers not only the customer data's need for protection and the likelihood of a data breach, but also a frequent assessment of the supervisory authorities and their behavior.