More of a topic of discussion, specifically in terms of GDPR breaches. I talk predominantly around the monetary fines that can be handed out.
Recently it was revealed that a "Coding Error" in an NHS England system caused a perceived data breach, and contravened GDPR stipulations. The Information Commissioner's Office was informed and no doubt it will be investigated.
My question is: Are monetary fines the answer in such situations? To remove vast sums of money from this organisation, like many others, may cause severe harm to the way it operates in the immediate aftermath, with undoubted reduction in services, and/or potential loss of employment. It would appear the effect might reach down the ranks as well as up them, and who knows what sort of effect it could have.
The next question is, what would be a better option in such cases? Is there a better option, even?
Now, to be clear, I'm not being intentionally naive here; I appreciate the fines or any other action taken will be proportionate to the offence, and I know it's likely money wouldn't be removed from public-serving areas, but that raises yet more questions.
If you'd like to read any more on the NHS coding error the link is below.