In my tenth and final post on the General Data Protection Regulation (GDPR), which comes into force from May 25th, 2018, I’m looking at the consequences of non-compliance.
Here’s what you need to know:
GDPR introduces increased penalties
The GDPR will introduce significant monetary penalties for non-compliance of up to 4% of worldwide annual turnover or £20 million, whichever is greater. These sanctions can be imposed on any business, acting as either data controller or data processor, that contravenes the rules of the GDPR.
Admit your mistakes
GDPR makes a clear distinction between intentional and non-intentional violations, with the latter treated more leniently. So, if you do make a mistake that leads to non-compliance, the best advice is to inform the regulatory authorities as soon as you realise you have transgressed. Fines will also be reduced if you can show you have taken steps to limit the damage and help those affected.
Brexit won’t save you
GDPR applies to all companies, wherever they are based, that collect data from EU citizens. So Brexit – no matter how hard – won’t protect you from penalties, as international law will still allow the EU to pursue transgressors. The only difference could be the process being less direct, with the EU having to liaise with UK authorities and courts to administer punishments.
The bottom line is that, post-Brexit, EU regulators will retain the right to fine UK companies for violating GDPR and will do so with the help of British authorities.
• Fines for non-compliance can be as high as £20 million, or 4% of worldwide annual turnover
• Non-intentional violations are treated more leniently
• Penalties can still be levied against British firms, even if the UK leaves the EU