There has been a lot of talk about the GDPR lately as the implementation date comes closer. Within this GDPR series, we have taken the time to dissect the different parts of this complex regulation. What we have not talked about yet are the risks that come with not complying with the GDPR.
Effectively, the GDPR establishes a number of tools to enforce the new rules, such as penalties and fines. Fines are adjusted according to the circumstances of each individual case. Several factors are taken into consideration when deciding on an appropriate fine, including the following:
– the gravity/duration of the violation;
– the number of data subjects affected and level of damage suffered by them;
– the intentional character of the infringement;
– any actions taken to mitigate the damage;
– the degree of co-operation with the supervisory authority.
The regulation sets two ceilings for fines in case the rules are not respected.
The first category sets fines up to a maximum of €10 million or, in the case of an undertaking, up to 2% of worldwide annual turnover. This would apply, for example, if a controller does not conduct an impact assessment where the regulation requires one.
The second category concerns the higher-level fines, which reach up to a maximum of €20 million or 4% of worldwide annual turnover. This fine applies if, for instance, the data subjects’ rights under the regulation are infringed.
A common assumption is that the GDPR is just an IT issue; however, this is far from the truth. It will also have a weighty impact on sales and marketing companies, for example. The conditions for obtaining consent are very strict, as the individual must have the right to withdraw consent at any time.
Data has turned out to be a very valuable currency in our new way of living, and this means companies need to value the data subjects’ privacy as well. A plan of action is of great importance at this point to make sure your company is compliant with the GDPR.
Do you want to get more information about GDPR? Read the previous articles.
GDPR Series – Episode 1 : What is GDPR?
GDPR Series – Episode 2 : What are the basic principles of GDPR?
GDPR Series – Episode 3 : What are the 6 possible legal bases?
GDPR Series – Episode 4 : What is the material and territorial application of GDPR?
GDPR Series – Episode 5 : How is sensitive data protected by GDPR?
GDPR Series – Episode 6 : How is consent applied in GDPR?