OK, so I am not presenting this as typical.  It's not typical.  It can't be typical. Surely.... No, it genuinely isn't typical, but the Italian DPA has just fined a British company €5,880,000 for a data breach involving just 1,000 individuals.  The back story is complex - it was part of a money laundering act - but the authorities have confirmed that the fine was for the data breach and not the laundering.

The particularly scary point made in the article is that the fines were the maximum amount legal under the current data protection rules - but, post GDPR in May 2018 - the fines would likely be far higher!

If you are concerned about GDPR, the place to go is https://www.dillistone.com/gdpr-executive-search/