Re: A poor reflection on the industry
"Why? It's already a data breach is already an offence, the bulk of the change is simply that the penalties COULD be much higher."
Breaches themselves are not an offence; failing to secure adequately is. In the same way that crashing a car isn't a crime but dangerous driving is.
GDPR covers a lot more than the larger fines though. There's mandatory disclosure, so reputation damage is always a risk. Then there's the subject access and consent rules so people can take action to make sure that the data isn't there to be lost. And then there's collective action that means everyone will be able to collect damages, not just those that can afford lawyers.