What penalties could I face if I do not comply with GDPR?

17 Jan, 2018

Here we take a look at the penalties under the new GDPR.

Since the start of the New Year, the media has revved up its coverage of GDPR (General Data Protection Regulation, for anyone who does not have that etched on their brain yet!). We are seeing more and more enquiries for our training courses from businesses wanting to know what they can do on a practical level to make sure they are compliant. We are busy putting plans into action ourselves to make sure that, as a business, we protect the vast amounts of data that we hold. But for those businesses that perhaps haven’t thought about it yet, or worse still think the Regulation does not affect them, what could be the consequences of failing to comply with GDPR? Here we take a look at the penalties for non-compliance.

GDPR gives the ICO (Information Commissioner’s Office) more power to investigate and enforce than the Data Protection Act did. The key change is the power to levy more substantial fines, which will not come as good news to businesses. Further, these can now be levied against both a data controller and a data processor where necessary.

Under GDPR the ICO can impose fines of up to 20 million Euros or 4% of the group’s worldwide turnover (whichever is the greater) against both data controllers and data processors. It is likely that certain infringements will be seen as ‘top level’ and will attract the higher fines. These will include things such as:

  • The basic processing conditions, including obtaining consent;
  • Infringement of the rights of data subjects;
  • International transfer of personal data;
  • Failure to implement or comply with a subject access request process.

Less serious breaches may include:

  • Failure to implement measures to ensure privacy by design;
  • Failure by a controller in relation to the engagement of processors;
  • Failure of a processor to process data only in accordance with the controller’s instructions;
  • Failure to report breaches;
  • Failure to appoint a data protection officer where one is required under GDPR.

These lower-level breaches could still attract fines of up to 10 million Euros or 2% of the group’s worldwide turnover (whichever is the greater) – still a hefty amount!

As well as fines, the ICO could do any of the following:

  • Conduct audits;
  • Review certifications;
  • Issue warnings and reprimands to controllers and processors that have breached GDPR;
  • Impose limitations and restrictions around the breaching party’s ability to process data.

Also bear in mind that the biggest penalty could be the damage to your own and your business’s reputation.

So, what does all this mean?

Whilst there is a lot of scaremongering about these penalties, the reality may well be that, as long as businesses are seen to have policies and procedures in place and to be making a genuine effort to comply, they may be safe. Equally, as often happens with new legislation, there will be some test cases, and no doubt some businesses will be made examples of. The reality is that GDPR affects ALL businesses. Why run the risk of being that ‘example’ business?

For any business reading this article and thinking that now may be the time to be doing something about GDPR, but not sure where to start, we can help. We have training courses available, as well as two fully trained GDPR practitioners who can provide consultancy to businesses that would like a more hands-on approach to assistance with GDPR compliance. For more information call our Client Services team on 01905 670303 or e-mail info@isoqsltd.com.


ISO Quality Services Ltd are proud to specialise in the implementation and certification of the Internationally recognised ISO and BS EN Management Standards.
