The UK ICO will not push to fine if disclosure is provided within 14 days OR there is evidence to show attempts were made to secure data.
GDPR should only strike fear if the organisation/individual actively harvested data to sell without a Privacy Policy or market without an opt-out request.
The ICO also offers a free advisory service that anyone can petition for help in conforming to GDPR alongside training docs already mentioned in comments.
Dealing with dentists. Let my fear control me for many years after an incident and because of that my Dennis lost his Gnasher.
Although wishing it was easier is all well and good, but these types of incidents in life are hard to give us a better perspective on what is important.
Also if someone attempts to change an email address linked with an account, an email could be sent asking for confirmation. 2FA is also becoming easier to implement for low level developers with Authy and Google Authenticator offering simple to follow boilerplates and documentation. Validation algorithm that forces a dictionary attack on password before successful registration could also be prudent.
Just like SQL injection and query prepare statements, issues are very much known but it's the want and need to act on them. GDPR should start to help this, but management tier individuals who push development time scales are also needing to be 'sold' the importance of this.
I would second this. The Brave browser based off of a Chromium build has some of the best tracker/ads shield I have seen. The recent ICO was very fruitful and it's Blockchain 'tip' system is interesting in its goal of 'removing the toxic middle'.
GDPR should only strike fear if the organisation/individual actively harvested data to sell without a Privacy Policy or market without an opt-out request.
The ICO also offers a free advisory service that anyone can petition for help in conforming to GDPR alongside training docs already mentioned in comments.