Consequences: Hefty Fines Have Landed
The regulatory tsunami has made it clear that compliant data destruction processes are not a choice, and failure to comply creates exposure to large monetary fines. Fines and legal liability are no longer hypothetical: GDPR and CCPA have wasted no time in exercising legal and regulatory authority to punish organizations that fall out of compliance.

GDPR violations can result in fines of up to $20 million U.S. Dollars or 4% of an organization’s global annual revenue (whichever is greater).

CCPA fines, which are issued by the California Attorney General, can be massive ($7,500 per breached record). For example, under CCPA, if an organization experiences a breach or violation and 10,000 consumers are affected, the fine could be $75,000,000.

GDPR violations have resulted in hefty fines being levied against some of the world’s largest organizations, including:
  • Marriott: $130 million (July 2019)
  • British Airways: $230 million (July 2019)
  • Google: $62 million (January 2019)
  • Austrian Post: $20 million (January 2019)
  • Deutsche Wohnen SE: $15 million (October 2019)

In addition to monetary fines, CCPA violators face additional liability: CCPA provides individuals the standing and right to bring civil action against an organization if that organization does not maintain ‘reasonable security’ procedures. Barely a month after CCPA went into effect, the first lawsuit citing CCPA in its judgement sought was filed. On February 3, 2020, a class action lawsuit was filed in the U.S. District Court for the Northern District of California naming Hanna Andersson and Salesforce as defendants (Barnes v. Hanna Andersson, LLC). If successful, the Plaintiffs will be entitled to a devastating amount of money.