by rossng 2811 days ago
My suggestion would just be to significantly ramp up the fines. No need to bother with pointless tickbox compliance audits and all that other stuff. Obviously you would also have to have some pretty strong rules around covering up security breaches - I would suggest explicitly making it a serious criminal offence.

Hopefully the GDPR will have a positive effect here. If you suffer a security breach, you can expect to face severe financial penalties. I'm sure companies will figure out how to secure themselves surprisingly quickly after they see a few of their competitors get fined several hundred million euros.


IF we apply the same to political organisations' leakage, then ok.

Keep in mind that Congress, EU parliament, EU commission and I'm sure many others were all hacked in the past 2 years. Needless to say, they all see themselves as above this whole regulation thing.

And of course, those penalties cannot come from the tax coffers. They need to be leveled against the pay of the politicians, because otherwise how could they ever work?

The EU parliament's websites are currently clearly in breach of the GDPR as well. Let's start there, shall we?

As long as this is their attitude, I feel like this is not an acceptable solution.

You are correct, sir; however, the EU commission believes it doesn't actually have to follow the GDPR at all! They were called out on their non-compliant website shortly after the law activated and announced that for "legal reasons" they didn't have to follow it.