The GDPR imposes stiff fines on data processors and controllers for non-compliance.
GDPR non-compliance could be the beginning of the end for a good number of companies doing business in the EU.
Under the GDPR, every organization that processes the personal data of people in the EU must be compliant when the regulation takes effect on 25 May 2018. Failure to comply will lead to severe fines and penalties, which most companies would do well to avoid. In the UK, the Data Protection Act 1998 (DPA), the current data protection law, is enforced by the Information Commissioner’s Office (ICO). Data controllers, data processors and data protection officers need to be aware of the consequences of breaching the DPA:
- For serious breaches, the ICO can impose a monetary penalty of up to £500,000.
- Criminal prosecution is possible where a person deliberately commits an offence under the DPA, such as knowingly obtaining or disclosing personal data without the data controller’s consent.
- The ICO can serve an enforcement notice requiring an organization that has breached the DPA to take specified steps to bring itself into compliance.
- The ICO has the authority to carry out compulsory audits of government departments without their consent.
From 25 May 2018, the EU will enforce the General Data Protection Regulation, and organizations found in breach will face far larger fines. For a business that fails to comply, the penalties could mean insolvency or closure.
Businesses have until May 2018 to ensure that they are in compliance. Achieving compliance is a lot of work, so creating a plan and acting on it urgently will be critical, especially for large enterprises.
What are the penalties or punishment for failing to comply with the GDPR?
- Infringements of the basic principles for processing, including the conditions for consent, under Articles 5, 6, 7 and 9 of the GDPR (and of data subjects’ rights under Articles 12 to 22 and the rules on international transfers under Articles 44 to 49) carry a fine of up to €20 million or up to 4% of the organization’s total worldwide annual turnover for the preceding financial year, whichever is greater.
- Infringements of the controller and processor obligations under Articles 8, 11, 25 to 39, 42 and 43 carry a fine of up to €10 million or up to 2% of total worldwide annual turnover for the preceding financial year, whichever is higher.
To prepare your organization for the GDPR, follow the 12-step guide that the ICO has issued. It discusses the areas organizations need to address while preparing for the GDPR, along with other helpful insights such as the definition of personal data and what the road to compliance involves.
Employees must also be aware of the upcoming GDPR requirements and understand why they must be enforced, so that they become more vigilant and diligent about how customer data is used, how consent is obtained, and how privacy is protected.
Additionally, there are four primary areas that every company doing business in the EU, whether or not it has a physical presence there, must address to meet the requirements:
- Identification of data
- Protection of data
- Data usage monitoring
- Notification of data breaches
The journey to GDPR compliance has only just begun, and the ICO and other regulators will publish more guidance as it progresses. In a nutshell, the deadline is just around the corner, and non-compliance is simply not worth the headache or the penalties.