PeterStuer 9 hours ago
It is acceptable. I have sat many times through compliance meetings and negotiations. I would think compliance officers of very large enterprises know their game.
d1sxeyes 8 hours ago
You might think that. But there’s plenty of evidence suggesting you would be wrong. The biggest fines under GDPR have been for Meta, Amazon, TikTok, Uber, LinkedIn. Even outside of tech you don’t have to look too far down the list to find H&M, British Airways, Marriott Hotels, Vodafone…

https://www.enforcementtracker.com

This example specifically refers to failure to adequately secure systems against unauthorised use: https://www.enforcementtracker.com/ETid-2306

This one is even closer to what you’re saying—Vodafone didn’t do enough to monitor third parties working for them: https://www.enforcementtracker.com/ETid-2646