Re: GDPR can't Fix this
Would GDPR fines apply in this case?
It wasn't that they were deliberately selling customer information - they got hacked.
We don't fine banks when they get robbed (ok. we don't fine them when they deliberately mislead and rob customers either but that's a different story)
They were obviously incompetent, but imagine - if you get hacked because of a zero-day exploit in Windows should you get fined 4% of your turnover, or should Microsoft be fined? If your AWS bucket is hacked does the Eu get 4% of Amazon book sales?
But if you aren't responsible when your cloud provider gets hacked - what stop Equifax setting up "Equifax data processing Europe Inc", a subcontractor with no assets.