Well no, Musgraves weren’t fined €148m. However, if yesterday’s Cyber Attack had happened after GDPR enforcement kicks in next June, that’s exactly the sort of headline and scale of fine they could face.
But credit where it’s due. Well done to Musgrave’s board and management team for facing the breach head-on and quickly alerting customers to the risk. Their prompt action means authorities, banks and customers can take immediate steps to protect customers from further exposure.
At least for me, after seeing the Musgrave response, I’m comfortable trusting my sensitive and personal data with such a responsible retailer.
GDPR & CyberSecurity
Come May 25th next year, organisations face Data Protection fines of up to 4% of their global revenue.
Taking the Musgraves Cyber Attack as an example, 2016 group sales of ~€3.7bn mean a potential €148m GDPR fine. With a profit of €89m and only €121m cash in the bank, that would lead to a robust shareholder meeting, to say the least, with board members facing difficult questions.
Given the professional, transparent and prepared way in which Musgraves appear to have handled the Cyber Attack, in my opinion it’s unlikely they would have faced the full wrath of the Supervisory Authority (Data Protection Commissioner).
Prepare, Prepare, Prepare
Cyberattacks are part of business today, but the survivors in a GDPR world will be those organisations that prepare, prepare and prepare. It doesn’t matter if you’re a major retailer like Musgraves or a local restaurant: GDPR applies to all.
Are you prepared for GDPR?