Data Breaches and the Financial Implications of GDPR
The consequences of not complying with the General Data Protection Regulation (GDPR) are high, and they are not only financial.
The Information Commissioner’s Office (ICO) has gone some way to explaining the fines and penalties that organisations can face under GDPR.
But it has also said that the financial implications should not be the sole reason that you comply with GDPR.
The point of GDPR is to put the public and the individual first when it comes to what is done with their personal data and who has access to it. That, rather than the threat of a fine, should be the organisation’s driving force to be more transparent.
What fines can be imposed for GDPR non-compliance?
Previously, the maximum fine that could be imposed for a breach of the Data Protection Act was £500,000. With the advent of the GDPR, the ICO has the power to impose fines much higher than that, and companies are understandably fearful of the maximum allowed under the new law: £17 million or 4% of annual global turnover, whichever is higher.
But the ICO has a history of using fines as a last resort. After all, its aim is to ensure high standards are maintained and to arm
‘Like the DPA, the GDPR gives us a suite of sanctions to help organisations comply – warnings, reprimands, corrective orders.
While these will not hit organisations in the pocket – their reputations will suffer a significant blow.’
Elizabeth Denham, UK Information Commissioner, ICO