I read that there was some kind of grace period involving GDPR penalties. Has the EU handed out any fines yet, or is it still letting companies adjust?
The question is probably if it is state of the art to encrypt passport numbers. If yes, then Marriot could be fine with a similiar argument of "the company knowingly violated its duty to ensure data security".
The question is probably if it is state of the art to encrypt passport numbers. If yes, then Marriot could be fine with a similiar argument of "the company knowingly violated its duty to ensure data security".