GDPR could create a corporate tsunami, and yet not only companies but the media seem to be asleep. Must we wait for it to hit before we wake up?
GDPR – General Data Protection Regulation – is already here, but companies have got another year to get their house in order before they risk paying a fine.
The fines, we are told, could be as much as 20 million euros, or four per cent of turnover.
But that is only part of the story. If you are responsible for a serious GDPR transgression that affects one of your clients, then they may be fined four per cent of their turnover and they may expect you to foot the bill. That could be a very serious problem if your clients’ turnover is greater than yours.
So actually, your vulnerability is not four per cent of your turnover, but four per cent of your largest client’s turnover.
And then there are your suppliers. If they are responsible for you breaking a GDPR rule, then it is still you that has to pay the fine – sure, you can go after your supplier, but they can’t pay what they don’t have.
GDPR won’t just be expensive, it could be messy.
At the recent GDPR Conference Europe, held at the County Hall London, delegates were told that some companies will go bust as a result of the regulation – and then they heard the tale, direct from a business owner who fell afoul of data protection rules and faces paying a £200,000-plus fine that will force him out of business.
Yet the world has not woken to what GDPR will mean.
It will be sad indeed if we wait until the first high-profile bankruptcy as a result of GDPR before the media and senior management at companies take it seriously.
But it is not all doom and gloom. The CTO, the UK regulator in this area, is not a monster: it wants to help companies avoid falling foul of the regulation, and if a company does get it wrong but can show it took all reasonable measures to avoid the error, then the CTO is more likely to be lenient.
There is certification that companies can apply for – being awarded such certification is no guarantee of avoidance of fines, but it will help.
To find out more, attend our next GDPR Summit Series, at 155 Bishopsgate, London on January 30th.