Re: Bug < Windscreen
"Working on the basis that most law is lightly enforced, wheres the scene in spending mega bucks if the outcome is a low probability of a manageable fine?"
Remember that the ICO or equivalent in your jurisdiction isn't likely to come checking if you're compliant, they'll be responding to complaints from data subjects. So if you want to minimise your risks don't, as a company, stick your head above the parapet.
Your biggest risk takers in this respect are likely to be your sales and marketing department. Historically such departments have failed to grasp the fact that what they call valuable marketing information when they send it out is regarded by the recipients as junk. If your S&M department has spent the last few years pissing off people in this way it's going to be payback time for those of use who they've pissed off.
So go through all their digital assets with a fine tooth comb making sure they aren't holding any PII that they haven't obtained with explicit consent to use for marketing purposes. They'll probably complain that they can't do their job. Tell them that their job isn't putting your business in line for big fines. If you business is headed by somebody with the instincts of a double-glazing salesman it's best to start looking to jump ship now, especially if your job title or responsibilities include anything along the lines of compliance officer.
Biting the hand that feeds IT
