Failure to conform to the new GDPR laws will result in a huge financial burden on small and large companies alike. The current Data Protection Act (DPA) details that a monetary penalty notice of up to £500,000 can be charged to organisations for serious breaches. This will increase dramatically in 2018 – forcing companies to reassess their data security to ensure that they are GDPR compliant.
Data Breaches
Companies could face fines of up to £20 million or 4% of their annual turnover (whichever is higher) – far greater than the current £500,000 fine. This will have significant impact on UK businesses. The poor track record for the prevention of data breaches suggests that organisations will be paying out as much as £122bn collectively, when considering the 2015 data breach levels.
Supervisory Authorities
This statutory obligation will trigger the threat of insolvency or closure for some businesses who will not be able to cover the substantial fines. Supervisory Authorities (SA’s) will be supported by the law to take action against data controllers and processors who have incurred a data breach. They are authorized to issue the fines which are designed to be proportionate and dissuasive
Be Prepared
Information found at the Compliance Briefing can help guide companies to prepare for the implementation of the GDPR, ensuring that the most effective framework is in place to help avoid a data beach. Preparing for the new policies will help companies avoid the potential risks. The groundwork should be laid now, so that the correct procedures are in place and staff are well educated on the policies, so that fines can be avoided at all costs.
New policies should be adhered to, and personal information will need to be assessed extremely efficiently. According to Lillian Tsang – commercial solicitor at Harper James – under the GDPR, businesses are required to provide further information about collated data, including:
- Disclosing the legitimate interest of the controller or third party
- The retention period or criteria used to determine it
- The right to lodge a complaint with a supervisory authority
- The source where personal data originates from (and whether it came from publicly accessible sources)
Conclusion
The sanctions on data protection are being constricted, and although the impact of breaches effects company finance currently, it’s a drop in the ocean compared to the potential fines brought in by the new GDPR policies of 2018. It pays to be prepared in this scenario. Companies need to need to know now; how the GDPR will effect business, if there are any gaps in security measures, plus, the efficiency of their data security and how to react when a breach occurs.
Find out how to ensure that your company is fully prepared for the implementation of GDPR by attending the Compliance Briefing: Malta, designed to help businesses understand new regulations and prepare to meet the requirements of the GDPR ahead of May 2018 and beyond.
This event will ensure that organisations are kept GDPR compliant and avoid any consequential sanctions. During the conference, all of those attending will learn:
- How to be compliant in the iGaming industry
- What are the key concepts of compliance in today’s market?
- How to prepare for the implementation of GDPR?
- What does GDPR mean for the Fourth Money Laundering Directive?
- How much does non-compliance really cost?
- What does the future hold for geolocation post-GDPR’s implementation?
- What to do in the event of a data breach?
- What are the individual’s rights in regards to the GDPR?
- How must an organisation respond to complaints?
- What fundamental changes will you need to implement in your organisation to stay compliant?
- What do you have to do NOW to be ready when the new regulations come into force?
- How do you mitigate the risks and turn compliance threats into competitive business opportunities?
- What does the future of geolocation look like?
- What will your business need to implement for GDPR?
Further information and conference details are available at www.compliancebriefing.com
