Data Privacy Compliance, Is your business at risk?15 Apr 2019
Data Privacy Compliance is suddenly at the forefront of most company’s plans. Most businesses will be aware that the legislation has changed (and is still changing). Some will also be aware that the data protection authorities have begun to fine non-compliant organisations.
On the 25th of May 2018, the European Union introduced the General Data Protection Regulation (GDPR). It addresses how organisations use, store and process personal data. With almost a year passed since the introduction of GDPR, many businesses remain unaware of its implications.
Who enforces GDPR?
Each country has a data protection authority. In the UK it is the Information Commissioner’s Office (ICO) and it is not a job they take lightly.
According to a report published by DLA Piper(2019), in the 8 months since GDPR’s implementation, there were 59,430 breaches across Europe. In some countries, total reported infringements were as low as 15 and in others as high as 15,000. This demonstrates the varied attitude to data protection across Europe.
The lion’s share of the 59,430 enforcement cases came out of The Netherlands (15,400), Germany (12,600) & the UK (10,600). Businesses operating in these three countries must be particularly wary.
Data Privacy Compliance. What’s changed?
Before the 25th of May 2018, the number of infringements reported per month was around 350. Two months later this rose to 1,752. As dramatic as these figures appear, in the first months of GDPR there were very few fines.
Yet, it appears the grace period is over. In January 2019, Google had to swallow a €50 million fine for GDPR violations. This must serve as a wake-up call for all businesses that deal with their customer’s data.
The greatest fine possible for a GDPR breach, which is €20 Million or 4% of annual revenue. This is far greater than the largest fine afforded by the Data Protection Act (DPA), which was £500,000.
Who is most vulnerable?
It is not only the largest corporations who are being held accountable. A hospital in Portugal was recently fined €400,000 for a GDPR violation. In Germany, a small company called Kolibri Image was fined just £5,000. This illustrates that businesses of all sizes are at risk.
Why consent is particularly tricky
One of the six bases for processing personal data is consent. It will often be used where there is no contractual basis or legitimate interest.
The changes in rules around consent have been particularly challenging for businesses. The need to get freely given, specific, informed and unambiguous consent will often run counter to established business practices. Marketers, in particular, have a difficult time getting freely given consent
Can you be sure your whole organisation is compliant with GDPR’s rules on Consent? Why take the risk. To avoid a devastating fine, not to mention reputation damage, sign up for a free trial with Consentua and start your journey to compliance.
If you would like to start a free trial call 02392 160640 or contact us at https://consentua.com