DORA Non-Compliance & Financial Consequences
The Digital Operational Resilience Act (DORA) is now in force across the EU. Financial institutions and ICT service providers are expected to demonstrate controlled, verifiable ICT risk management, including secure data handling practices.
Failure to comply with DORA requirements may lead to significant fines imposed by national authorities. ICT third-party service providers, for example, may be liable for penalties of up to 1% of their average daily worldwide turnover from the preceding year.
What Could That Mean in Practice?
Example: Mid-size ICT provider
Annual revenue: €150,000,000
Average daily turnover: €410,000
Daily fine (1%): €4.100,00
Maximum penalty over 180 days: €738.000,00
Operational gaps in data handling, such as uncontrolled retention, incomplete deletion, or insufficient evidence of erasure, can expose organizations to regulatory findings and financial risk.
The Key Challenges Under DORA
Understanding the risk is only the first step. The real challenge lies in operational implementation.
- Limited Visibility Across the Data Lifecycle – Most organizations focus on visible business data, while system-generated and residual data remain outside clear governance, creating blind spots and hidden risk.
- Loss of Control Through Standard Deletion – Deleting files does not eliminate them. Without secure erasure, data becomes invisible but still recoverable, increasing compliance and security exposure.
- Difficulty Demonstrating Compliance – Policies alone are not enough. Organizations must be able to prove data discovery, retention enforcement and secure removal in a clear and auditable way.
What You’ll Learn
In this session, we move beyond theory and focus on the operational side of DORA-compliant data handling. By the end of this session, you’ll have a clearer framework for improving visibility, control and demonstrability in your DORA data handling processes.
- Translate relevant DORA articles into operational data handling requirements
- Increase visibility across the full data lifecycle
- Reduce residual data risk caused by standard deletion
- Strengthen retention enforcement with secure erasure
- Move from assumed control to demonstrable, audit-ready compliance
Who Should Watch
This webinar is designed for professionals responsible for operational resilience, data protection, and ICT risk management, including:
- CISOs and IT security leaders
- IT infrastructure and endpoint management teams
- Compliance and risk officers
- Data protection officers (DPOs)
- ICT service providers supporting financial institutions
If you are responsible for demonstrating ICT risk control under DORA, this session is for you.
Watch Webinar: A Practical Guide to DORA-Compliant Data Handling
If your organization is reviewing DORA-related data handling practices, our team can help you assess visibility gaps, retention processes and erasure workflows.
Related Resources
For a deeper exploration of the topics discussed in the webinar:
- The Data Iceberg: Why Protecting Only Visible Data Isn’t Enough
Explores the visibility challenges across active, system-generated and residual data – and how hidden data impacts ICT risk. - How to Comply with DORA’s Data Handling Requirements Using Secure Erase Tools
Breaks down the relevant DORA articles and explains how secure erasure supports ICT risk management and audit readiness.
Speaker
Alexey Boltunov
Chief Operating Officer (COO), International
Alexey Boltunov is Chief Operating Officer at Jetico, with over a decade of hands-on experience in endpoint data protection and secure data handling. With a background in engineering, software testing and operations, Alexey has worked closely with organizations operating under strict security and compliance requirements – from government agencies to regulated commercial enterprises.
In recent years, his focus has shifted toward helping compliance-driven organizations translate regulatory requirements such as GDPR, NIS2 and DORA into practical, operational data handling processes. His approach combines technical depth with real-world implementation experience, bridging the gap between regulatory expectations and day-to-day data management.
Supporting DORA-Compliant Data Handling with BCWipe & Search
Turning principles into practice requires the right operational tools.
Under DORA, organizations must maintain control over data throughout its lifecycle and demonstrate that control when needed.
Jetico’s BCWipe and Search capabilities support this operational model by enabling organizations to:
- Discover sensitive data across endpoints to strengthen visibility and retention enforcement
- Securely erase data that has reached end-of-life, preventing recoverability and residual risk
- Generate audit-ready evidence to support compliance reviews and regulatory oversight