U.K. data privacy watchdog: Patch now or risk fines for failing to properly ascertain vulnerabilities. Failure to patch known vulnerabilities is a factor that the ICO takes into account when determining whether a breach of the seventh principle of the Data Protection Act is serious enough to warrant a civil monetary penalty. EU privacy watchdogs can levy fines of up to 18 million ($24 million) or 4 percent of an organization’s annual, global sales revenue – whichever is greater. Poor patch management has featured in many breaches that have led to fines.”]
Source: https://www.cuinfosecurity.com/patch-now-or-risk-gdpr-fines-later-regulator-warns-a-10575