Inadequate Protection of Personal Data Gets Fined

    The world is going through rapid digitalization, and Web 4.0 and the mass popularity of social media are outcomes of that. Consigning personal data to numerous sources has become an everyday practice for humankind. From user-generated content (UGC) to signing up for various specific services, sensitive information is constantly fed into the system with explicit consent.

    Yet, thanks to advanced AI, machine learning or deep learning, the sensitive data collected can now be processed even further to obtain leads from customer records. Thus, thanks to data mining, data-driven marketing or product management has become extremely important for a successful business.

    Keeping that in mind, the need to provide solid protection for that data becomes more critical. Moreover, there is a common fear of data breaches around the globe. A Pew Research report claims that almost 80 percent of Americans believe that the potential dangers of companies collecting data are greater than its possible benefits. Businesses are perceived as actors failing to protect the data.

    Eventually, many governments have taken measures to make sure that sensitive data is not breached by malicious hackers. The EU implemented the GDPR (General Data Protection Regulation) in 2018, which includes tough measures for various businesses. If they don’t abide by the regulations and don’t increase the protection of personal data, they are going to be fined continuously.

    Consequences of Poor Personal Data Protection

    It is possible to see examples of violations and penalties all over the world. Capital One, which suffered a major data breach in 2019, was fined $80 million by the authorities for failing to establish the necessary risk assessment systems.

    Cyber criminals will eventually find ways to penetrate weaknesses within cyber security systems. For example, a cyber attack targeting one of the largest patient chains in the USA recently resulted in the cancellation of operations in 250 hospitals and the hospital team returning to pen and paper. 

    More examples of weak cyber security ending in horrendous results can be given. In September, a person died for the first time as a result of another cyber attack targeting the IT systems of a large hospital in Düsseldorf. At the beginning of the year, the data of 15 million patients was leaked from Canada’s largest medical testing company. Further information on this subject can be obtained from this report by CPO Magazine.

    Therefore, it is quite logical for governments to push strict regulations on personal data protection. Whether monetary or physical, the risk of critical damage from breaches should be avoided. Huge GDPR fines are issued for that purpose. In this article published by Data Privacy Manager, it can be seen that Italy, Germany and France are the countries which were fined the most because of data breaches.

    Turkey is no different: its GDPR (KVKK) has extensive and detailed scenarios to prevent any sort of data breach. The fines are a good example of how carefully this issue is handled. The government’s fines for not meeting the requirements of adequate cyber security protection range between 27K and 1.8M Turkish Liras. Thus, companies should be aware of the significance of providing solid cyber security.

    To avoid getting fined, there are certain measures that demand constant attention. Transparency is one of them, since the GDPR looks for it extensively. When a business gives too much information, it makes the text harder to understand and therefore results in a fine. When too little information is included, the business ends up receiving sanctions for not being informative enough. So, along with improving their cyber security, institutions should also pay attention to the information they share with their customers.

    Proactive Measures Should Be Deployed

    Ultimately, data breaches are costly in any scenario where cyber security measures are weak. To avoid heavy penalties, businesses should take a proactive approach and get themselves ready. Moreover, with the new normal, companies not only need to protect their own networks, but also need to ensure that their employees who connect from home are safe on the internet.

    In line with this, a time-saving but solid method to increase cyber security needs to be implemented urgently. Since it’s been proven that regular pentests are inadequate and time-consuming, crowdsourced solutions have emerged to actively assist companies. They are able to test the current patches and make sure that personal user data is completely safe.

    Bug Bounty and Vulnerability Disclosure Programs gain further importance in this context, and if necessary actions are not taken, law enforcement will often have to intervene to prevent data leakage. Therefore, it is a collective duty to remove vulnerabilities quickly and stay strong against cyber attacks and security breaches.


    Breaches of personal data cause serious problems around the world. First of all, if any data gets breached, the company will suffer a huge loss of up to 4M dollars. Secondly, if the necessary requirements for personal data protection are not met, government agencies will fine those companies nonetheless. Since personal data usage has increased, more precaution is demanded without a doubt.

    To prevent major disasters and unwanted consequences, companies can find their vulnerabilities by having their systems tested on a controlled platform and protect themselves by acting quicker than malicious hackers.

    BugBounter offers a bug bounty platform that quickly and effectively addresses the demand for finding vulnerabilities. Thanks to the independent research community registered on the platform, bug bounty programs keep companies proactive and always ready.
