When the EU General Data Protection Regulation (GDPR) comes into force on 25 May 2018, organisations in breach of the legislation will find the fines they face increasing dramatically.
From a maximum of £500,000 that the ICO could levy, penalties will then reach an upper limit of €20 million or 4% of annual global turnover – whichever is higher.
So, for many businesses, non-compliance could mean insolvency or even closure.
Under the GDPR, Supervisory Authorities will be given a number of new powers, including the power to issue warnings of non-compliance, carry out audits, require specific corrective action within a specified time frame, order the erasure of data and order the complete suspension of data transfers to a third country.
And these powers can be applied to controllers and processors alike.
The investigative powers of the Supervisory Authority include the right:
Supervisory Authority corrective powers include the right to:
Crucially, SAs are also empowered to issue substantial administrative fines, which you can see in the accompanying documentation:
Requirements whose breach can attract a fine of up to 4% of total global annual turnover or €20m (whichever is the higher) can also be seen in the PDF:
Apologies for the complexity of language and legalese involved, but that’s a simplified version.
And months is not long to bring an organisation – especially a larger one – to a state of compliance with the new law.
Which is why it’s essential to prepare now.
GDPR Academy is dedicated to GDPR and Cyber Security. These go hand in hand, so you are kept up to date, day by day, on the latest developments, white papers, laws, timings and more.
GDPR Academy is the only place you’ll find a comprehensive body of knowledge, resources and experts to help you navigate the complex landscape of tomorrow’s GDPR and Cyber Security issues.