Failure to conform to the new GDPR laws will result in a huge financial burden on small and large companies alike. The current Data Protection Act (DPA) provides that a monetary penalty notice can charge organisations £500,000 for serious breaches. This will increase dramatically in 2018, forcing companies to reassess their data security to ensure that they are GDPR compliant.
Companies could face fines of up to £20 million or 4% of their annual turnover (whichever is higher), far greater than the current £500,000 fine. This will have an extensive impact on UK businesses: the poor track record in preventing data breaches suggests that, at 2015 data breach levels, organisations would be paying out as much as £122bn collectively.
This statutory obligation will raise the threat of insolvency or closure for some businesses that will not be able to cover the substantial fines. Supervisory Authorities (SAs) will be supported by the law in taking action against data controllers and processors who have incurred a data breach. They are authorised to issue the fines, which are designed to be proportionate and dissuasive.
Information found in the ISO 27001 principles can help guide companies in preparing for the implementation of the GDPR, ensuring that the most effective framework is in place to help avoid a data breach. Preparing for the new policies will help companies avoid the potential risks. The groundwork should begin now, so that the correct procedures are in place and staff are well educated on the policies, and so that the fines can be avoided at all costs.
New policies should be adhered to, and personal information will need to be assessed thoroughly and efficiently. According to Lillian Tsang, commercial solicitor at Harper James, under the GDPR businesses are required to provide further information about collated data, including:
- Disclosing the legitimate interest of the controller or third party.
- The retention period or criteria used to determine it.
- The right to lodge a complaint with a supervisory authority.
- The source where personal data originates from (and whether it came from publicly accessible sources).
The sanctions on data protection are being tightened, and although the impact of breaches affects company finances currently, it is a drop in the ocean compared to the potential fines brought in by the new GDPR policies of 2018. It pays to be prepared in this scenario. Companies need to know now how the GDPR will affect their business, whether there are any gaps in their security measures, how effective their data security is, and how to react when a breach occurs.
Find out how to ensure that your company is fully prepared for the implementation of GDPR by attending the GDPR Conference Europe, designed to help businesses prepare to meet the requirements of the GDPR ahead of May 2018 and beyond.
In addition to marketing teams, this conference is designed for representatives from across the public and private sector, including the C-suite (CEO, CIO, CTO, CMO), Heads of Legal, and HR and Finance teams, to:
- Understand the implications of the General Data Protection Regulation
- Get to grips with new obligations and ensure their organization is compliant
- Start preparing for and implementing the General Data Protection Regulation
- Gain invaluable instruction and insight on the General Data Protection Regulation
- Learn how to avoid heavy fines and loss of reputation
- Discover if they need to appoint a Data Protection Officer