The risks of not protecting personal data
In most of today’s big markets, companies are required to protect data collected from their customers. There are laws and regulatory bodies in different countries that define what kind of data protection is necessary.
What if your company doesn’t follow data protection requirements? Failing to protect personal data can have severe legal, financial, and reputational consequences for a company, especially one operating worldwide. Here’s a quick rundown of the risks and consequences:
- Fines. Authorities can impose significant financial penalties for data breaches or non-compliance. For example, here are the fines stipulated in various data privacy laws:
  - The General Data Protection Regulation (GDPR) in the EU allows fines of up to €20 million or 4% of global annual revenue, whichever is higher.
  - The California Privacy Rights Act (CPRA) allows fines of up to $7,500 per violation per consumer — that is, per customer record.
  - China’s Personal Information Protection Law (PIPL) sets fines of up to 5% of annual revenue or 50 million yuan (~$7.5 million).
- Regulatory restrictions. Authorities may restrict business operations until compliance is restored.
- Operational costs. Data breaches require significant resources to remediate, including forensics, PR, and legal costs.
- Payouts to attackers when ransomware attacks occur.
- Lawsuits. Customers may file class-action lawsuits for data breaches or data misuse, leading to court expenses and financial settlements for damages.
- Reputational damage, which includes:
  - Loss of consumer trust and brand loyalty due to exposing consumers to the risks of identity theft and fraud. This leads to long-term revenue decline and loss of market share.
  - Negative press coverage and online backlash.
In practice, companies big and small have experienced data breaches and data leaks, and paid hefty prices. Speaking of prices, the costs of data breaches continue to rise year by year.