What penalties could I face if I do not comply with GDPR?

17 Jan, 2018

Here we take a look at the penalties under the new GDPR.

Since the start of the New Year, the media has revved up its coverage of GDPR (the General Data Protection Regulation, for anyone who does not have that etched on their brain yet!). We are seeing more and more enquiries for our training courses from businesses wanting to know what they can do on a practical level to make sure they are compliant. We are busy putting plans into action ourselves to make sure that, as a business, we protect the vast amounts of data that we hold. But for those businesses who perhaps haven’t thought about it yet, or worse still think the Regulation does not affect them, what could be the consequences of failing to comply with GDPR? Here we take a look at the penalties for non-compliance.

GDPR gives the ICO (Information Commissioner’s Office) more power to investigate and enforce than it had under the Data Protection Act. The key change is the power to levy more substantial fines, which will not come as good news to businesses. Further, these can now be levied against both a data controller and a data processor if necessary.

Under GDPR the ICO can impose fines of up to 20 million Euros or 4% of the group worldwide turnover (whichever is the greater) against both data controllers and data processors. It is likely that certain infringements will be seen as ‘top level’ and will attract the higher fines. These will include things such as:

  • The basic processing conditions, including obtaining consent;
  • Infringement of the rights of data subjects;
  • International transfer of personal data;
  • Failure to implement or comply with a subject access request process.

Less serious breaches may include:

  • Failure to implement measures to ensure privacy by design;
  • Failure by a controller in relation to the engagement of processors;
  • Failure of a processor to process data only in accordance with the controller’s instructions;
  • Failure to report breaches;
  • Failure to appoint a data protection officer where one is required under GDPR.

These lower level breaches could still attract fines of up to 10 million Euros or 2% of the group worldwide turnover (whichever is the greater) – still a hefty amount!

As well as fines, the ICO could do any of the following:

  • Conduct audits;
  • Review certifications;
  • Issue warnings and reprimands to controllers and processors that have breached GDPR;
  • Impose limitations and restrictions around the breaching party’s ability to process data.

Also bear in mind that the biggest penalty could be to your own and your business reputation.

So, what does all this mean?

Whilst there is a lot of scaremongering around about these penalties, the reality may well be that, as long as businesses are seen to have policies and procedures in place and to be trying to comply, they may be safe. Equally, as often happens with new legislation, there will be some test cases, and no doubt some businesses will be made examples of. The reality is that GDPR affects ALL businesses. Why run the risk of being that ‘example’ business?

For any business reading this article and thinking that now may be the time to be doing something about GDPR, but not sure where to start, we can help. We have training courses available as well as two fully trained GDPR practitioners who can provide consultancy to businesses that would like a more hands-on approach to assistance with GDPR compliance. For more information call our Client Services team on 01905 670303 or e-mail info@isoqsltd.com.
