What penalties could I face if I do not comply with GDPR?

17 Jan, 2018

Here we take a look at the penalties under the new GDPR.

Since the start of the New Year, the media has revved up its coverage of GDPR (the General Data Protection Regulation, for anyone who does not have that etched on their brain yet!). We are seeing more and more enquiries for our training courses from businesses wanting to know what they can do on a practical level to make sure they are compliant. We are busy putting plans into action ourselves to make sure that, as a business, we protect the vast amounts of data that we hold. But for those businesses who perhaps haven’t thought about it yet, or worse still think the Regulation does not affect them, what could be the consequences of failing to comply with GDPR? Here we take a look at the penalties for non-compliance.

GDPR gives the ICO (Information Commissioner’s Office) more power to investigate and enforce than the Data Protection Act did. The key change is the power to levy more substantial fines, which will not come as good news to businesses. Further, these can now be levied against both a data controller and a data processor where necessary.

Under GDPR the ICO can impose fines of up to 20 million Euros or 4% of the group worldwide turnover (whichever is the greater) against both data controllers and data processors. It is likely that certain infringements will be seen as ‘top level’ and will attract the higher fines. These will include things such as:

  • The basic processing conditions, including obtaining consent;
  • Infringement of the rights of data subjects;
  • International transfer of personal data;
  • Failure to implement or comply with a subject access request process.

Less serious breaches may include:

  • Failure to implement measures to ensure privacy by design;
  • Failure by a controller in relation to the engagement of processors;
  • Failure of a processor to process data only in accordance with the controller’s instructions;
  • Failure to report breaches;
  • Failure to appoint a data protection officer where one is required under GDPR.

These lower level breaches could still attract fines of up to 10 million Euros or 2% of the group worldwide turnover (whichever is the greater) – still a hefty amount!

As well as fines, the ICO could do any of the following:

  • Conduct audits;
  • Review certifications;
  • Issue warnings and reprimands to controllers and processors that have breached GDPR;
  • Impose limitations and restrictions around the breaching party’s ability to process data.

Also bear in mind that the biggest penalty could be to your own and your business’s reputation.

So, what does all this mean?

Whilst there is a lot of scaremongering about these penalties, the reality may well be that as long as businesses are seen to have policies and procedures in place and to be trying to comply, they may be safe. Equally, as often happens with new legislation, there will be some test cases and no doubt some businesses will be made examples of. The reality is that GDPR affects ALL businesses. Why run the risk of being that ‘example’ business?

For any business reading this article and thinking that now may be the time to be doing something about GDPR but not sure where to start, we can help. We have training courses available as well as two fully trained GDPR practitioners who can provide consultancy to businesses that would like a more hands-on approach to assistance with GDPR compliance. For more information call our Client Services team on 01905 670303 or e-mail info@isoqsltd.com.
