The maximum penalty is so big that it almost defies comprehension: 4 percent of an offending organization’s global annual revenue.
However, some companies may not believe that the EU and its member countries will be able to collect such sums after enforcement activity begins, which presumably will happen at some point.
For that or other reasons, more than one in ten (11.7 percent) of 490 participants in a Deloitte webcast in late June said their companies were taking a “wait and see” approach before moving toward GDPR compliance.
“A lot of people are sitting back and saying, 4 percent? That’ll never happen,” says Rich Vestuto, managing director of Deloitte Risk and Financial Advisory. “Well, what is the wake-up point, then? One percent? Half a percent? You’d still be talking about a tremendous financial penalty.”