Do You Know the Risks of Not Complying with GDPR and Other Privacy Regulations?


Diogo Gouveia, Products and Solutions

Some years ago, the privacy and security of personal information was a topic that hardly received any attention. Today, how organizations manage their customers' personal data matters more than ever, largely because of the ever-growing presence of technology, which has brought with it the increased monitoring and auditing now carried out in businesses worldwide.

How Did the Security of Personal Information Become So Relevant?

Any organization, whether a for-profit business, a government department, or a non-profit, needs to store personal data about its customers or target audience in order to better understand and meet their demands and needs. Personally Identifiable Information (PII) and Personal Health Information (PHI) are considered the two main types of critical personal information, and virtually anyone who gains access to them can easily identify the individual to whom they relate, exposing sensitive knowledge and increasing the risk that it is shared with yet other parties, which could put that person at risk.

Back in the day, personal information such as an individual's full name, social security number, contact information and other sensitive data was archived on paper, and data privacy and protection policies were less necessary because the information could only be accessed within its physical proximity. However, times have changed: with the digitalization of businesses it became possible to access data from anywhere in the world, rendering geographical location largely irrelevant. Although this can be quite handy, and even more so as a result of COVID-19, it does require organizations to be more aware of regulations like GDPR and PCI DSS.

The Consequences of Not Complying with Legal Requirements

Compliance laws and regulations are now at the forefront of sensitive data management, so it is crucial for companies to stay compliant and aware of the obligations they must follow. In the event of a breach, an organization may be subject to fines that are becoming more expensive and more frequent by the minute.

For instance, under GDPR, the EU's data protection authorities can impose fines of up to €20 million, or 4% of annual global turnover for the year (whichever is higher), on any company or body that has failed to comply. At current exchange rates €20 million is about $20.67 million.

Another example of a compliance regulation is PCI DSS. It was created in 2006 by the major bank card brands, such as Visa and Mastercard, to prevent identity theft and other risks, and any entity that wishes to accept credit and debit cards must comply with it. This certification ensures the security of credit card data through a set of principles established by the Payment Card Industry Security Standards Council (PCI SSC), such as the use of anti-virus software, encryption of data transmissions, and the installation of firewalls to filter the traffic that enters and leaves the organization's systems.

Fines for violation of PCI DSS can vary from $5,000 to $100,000/month, until compliance is accomplished, and while this may be manageable for a big bank, it could easily put a small business into bankruptcy.

But let's go back to GDPR. Data indicates that from July 2021 the cumulative value of GDPR fines increased exponentially, almost reaching the €1.7 billion mark. This growth results from multiple violations of GDPR policies, which, as mentioned, vary in value. To date, the most expensive GDPR offence was valued at €746 million.

This is clearly shown in the following chart, which presents cumulative GDPR fines over time (from January 2017 to August 2022).

Chart: Cumulative GDPR fines, January 2017 to August 2022

What Can Companies Do to Avoid Non-compliance Fines Then?

Breaching regulations, even accidentally, will never bring your business anything good. The best way to avoid going down these dark paths is to guarantee the systems you operate are aligned with all regulations, including all your software.

One case in which this can be especially hard is when you are not able to set the same permissions throughout your software applications. Let’s have a look at a very specific example.

Having Customer Relationship Management (CRM) software to easily manage and navigate customer accounts is quite common. However, companies will also have documents and other files that need to be stored and linked to those accounts, so that they can be efficiently located and reviewed at any time. When the CRM used is Microsoft Dynamics 365, SharePoint is a common choice for document management.

Although both applications work wonderfully together, there is a problem with storing Dynamics 365 documents in SharePoint: permissions set in the CRM are not replicated to SharePoint. This increases the risk of breaching compliance policies, since anyone with access to SharePoint will have access to all of this information, which may contain sensitive and confidential data.

Thankfully, we’ve got you covered! CB Dynamics 365 to SharePoint Permissions Replicator is our out-of-the-box solution that mirrors the permissions set in Dynamics 365 to SharePoint. And, by the way, it’s also WCAG 2.1 compliant, but that’s another story!

Aside from the safety and accessibility side of it, our solution features:

  • Easy installation;
  • Clear user mapping;
  • Version updates and included technical support;
  • Live synchronization of permissions;
  • Free 15-day SaaS trial.

You won't have to worry about manually changing your permissions in SharePoint after you've set them in Dynamics 365; CB Replicator does this instantly! Thus, as far as who has access to which Dynamics documents in SharePoint is concerned, GDPR and PCI DSS compliance will automatically be taken care of, leaving you worry-free about having to pay non-compliance fines.

Do These Solutions Make Sense in Terms of ROI?

Return on investment (ROI) is the best way to assess the profitability of an investment in a product or service. The value of a fine for breaching compliance regulations varies with the infringement that occurred, so, to demonstrate how beneficial it is to invest in compliance, let's look at a hypothetical scenario: a GDPR breach in which clients' sensitive information on SharePoint was exposed to other, non-relevant departments of a company, resulting in a fine of $1 million. Remember, fines can go up to €20 million or 4% of turnover. In this example, the ROI would depend on the size of the company:

  • Small-sized businesses

Company A has 50 employees. In this case, a $1 million fine would most likely drive the company into bankruptcy, but assuming it survived, the cost of CB Dynamics 365 to SharePoint Permissions Replicator, on a SaaS deployment for 50 users for 2 years, is $4,200. Treating these $4,200 as an investment to avoid paying a $1 million fine, company A's compliance ROI over a 2-year period would be an astonishing 99.58%!


  • Medium-sized businesses

Company B has 300 employees. For them, the cost of CB Replicator for 2 years would be $25,200. Comparing this to the $1 million fine, their return on investment would be 97.48%! Clearly, the investment is well worth the peace of mind of not having to beg for a loan to pay a non-compliance fine.


  • Large-sized businesses

Company C has 2000 employees. A company of this size may not be as alarmed as a smaller business; however, if we consider that CB Dynamics 365 to SharePoint Permissions Replicator, in the same configuration as in the previous examples, would cost them $160,000, they still obtain an ROI of 83.2%!

Essentially, the lesson to be drawn is that it is worth investing in compliance in the long run, regardless of the size of your business.

Conclusions

As stated on their own website, "The GDPR's stiff fines are aimed at ensuring best practices for data security are too costly not to adopt". In other words, the very purpose of these non-compliance fines is to force businesses to become compliant if they wish to avoid bankruptcy, so their value will always be towards the upper end of the scale.

Also, although the examples above concern GDPR specifically, PCI DSS fines have a minimum of $5,000 per month until compliance is achieved. Even if action is taken immediately, some time may still be required to solve the problem. Say it takes a company 3 months to fully change their internal business processes; by that point, even if they are lucky enough to be fined at the minimum rate, they will owe $15,000! It is certainly not something to be taken lightly. And the fine itself is not the only concern: a GDPR breach leads to damage to a brand's reputation, loss of customer trust, investigation costs, disruption of operations, and so on.

As with everything in life, the safest option is to think ahead and prevent unfortunate events from happening in the future. With CB Dynamics 365 to SharePoint Permissions Replicator, you can rest assured that you will never have to go through this nightmare regarding your SharePoint permissions, plus, it runs in the background, so you won’t even know it’s there!

Do not hesitate to contact us and ask for a free trial or demo! We are more than happy to let you in on the fun 😉
