Every controller and processor should aim to prevent data breaches. If it were only the prevention of a possible sanction, it would still be somewhat manageable. But the costs for detecting and repairing the data breach, documenting the data breach, notifying the AP and any parties involved and instituting a defense when recourse is instituted by third parties and / or related parties can get out of hand. We are not yet talking about the possible costs of reputational damage.
Preparing for an incident that could lead to a data breach is a challenge not only for security people and IT professionals, but also for the management of the organization, the lawyers / attorneys and the professionals who ensure compliance. In the preparations, an integrated team of specialists will be put together who can fight against data leaks with the right means.