If you are worried that your organization or business might not be fully ready for the implementation day of the General Data Protection Regulation (GDPR), you should be taking action now. The final date is 24 May 2018, and if your company is not compliant by then it might face serious fines.
Much of the detail around fines is still to be announced. What is definite, however, is that the highest possible penalty of €20m, or 4% of annual turnover (whichever is more), is far higher than existing maximum penalties.
What Is the Likelihood of Maximum Penalties?
It must be stated that the levying of the maximum level of penalties is likely to be exceptional. For example, the existing maximum penalty in the United Kingdom is £500,000 and the largest penalty that has ever been levied is £400,000. Nevertheless, it is not possible to say whether a data protection authority (DPA) will want to make an example of companies that do not comply.
It is expected that further guidance on penalties will be provided by the European Data Protection Board (EDPB) prior to May 2018. Companies must take notice of this guidance when it is issued. It is also important to keep in mind that other restrictions, yet to be described, will be available to DPAs.
Harm to reputation
It is not only penalties that can be expensive for companies; they must also consider the harm to their reputation that data breaches can cause.
All companies should now be looking at how secure and confidential their data access is, and they must be defining a data breach plan that includes reporting a breach within the 72 hours that will be compulsory under GDPR. They must be doing all of this not only because they want to avoid the cost of penalties, but because they want to safeguard their reputation.