The EU = 1 vs. Equifax = 0
Equifax was hit with a $660,000 USD fine by the EU over its 2017 breach. It was the maximum penalty that could be leveled for failing to protect up to 15 million UK citizens' personal information. GDPR did not apply because the breach occurred prior to May 25, 2018. But can you imagine the fine had the Equifax breach happened today? They would be made an example of, and maybe, just maybe, it would help organizations understand the seriousness of protecting personal information.
If you read my blog posts at all, you will be familiar with the concept of reasonableness as it relates to the law. I personally believe Equifax was negligent in their 2017 breach; read my post about it here. Also, I believe the fine leveled against them is a warning shot for companies: you are now put on notice, and poor hygiene and processes will not be tolerated in the EU.