Data security professionals expect that the first big GDPR fines, proposed by the UK Information Commissioner's Office (ICO) against British Airways and Marriott, will force organisations to sit up and take note, but they will not necessarily trigger a major change in current privacy policies and practices.
According to a survey carried out by security firm Tripwire, 43% of security chiefs said the planned fines were “appropriate”, 42% said they should have been greater, while only 12% thought the penalties were too high. 423 people took part in the Twitter poll.
Last month, the ICO revealed two "notices of intent" to fine BA £183m and Marriott International £99m for serious breaches of the new regulation. Both companies have responded by saying they intend to fight the proposed fines.
While the penalties dwarf the ICO's previous maximum fine of £500,000 under the Data Protection Act 1998, only 25% of respondents said the fines were likely to change policies and practices. A similar number (22%) said they believed there would be no change, while the majority (52%) said there would be some "tweaking", but no major alterations.
However, the most positive indication from the Twitter poll was that 60% said they believed the fines would cause their organisation to take GDPR more seriously.
Tripwire chief technology officer David Meltzer said: “As we wait to see how, or if, these fines will be paid out, GDPR enforceability has caught momentum. What’s interesting about the poll results is that while these fines might inspire more action on the companies’ parts, they don’t inspire more confidence in individuals that their personal data will be better protected.
“Organisations will have to continue working for their customers’ trust. Those who have put the right amount of focus in establishing best practice fundamental security measures have a head start.”