One of the big changes moving to GDPR is the power to measure fines against global turnover. This ability – at the discretion of the ICO (the UK’s supervisory authority) – enables much larger fines than those currently in place. There are two tiers of administrative fines:

  • €20 million or 4% of annual global turnover for breaches of, for example, the principles of processing and data subjects’ rights
  • €10 million or 2% of annual global turnover for breaches of obligations, including maintaining written records or implementing technical measures

In reality, for the UK at least, fines on this scale are likely to be few and far between. The ICO has repeatedly stated that the fines are a last resort and they will start by issuing warnings as a first measure. Initially, expect fines to be levied against companies that flagrantly misuse personal data or who suffer breaches in the public eye due to poor security controls.

Consequences of a data breach

Even without the fines, there are other serious consequences to data breaches that are often overlooked:

  • Damage to brand or reputation – If your brand or reputation has any value, then you will need to consider how a personal data breach will affect your relationship with existing or prospective customers.
  • Commercial growth – Many bids and tenders contain a question about reportable breaches suffered during recent years. Answering ‘Yes’ to these questions usually marks the end of your bid or tender submission, so consider the impact on your business growth if you were to suffer a breach.
  • Personal liability – Over recent months, individuals have been personally prosecuted for misuse of personal data, so make sure you are aware of what you are (and aren’t) allowed to do with the personal data you hold.
  • Lost revenue – If your site crashes due to a security breach, you will lose revenue while it is down and while the breach is remedied. The longer the site is down, the more sales you could lose (as well as the reputational damage above).
  • Intellectual Property – If a hacker were to obtain your new product ideas or plans, it could damage your business growth if someone else goes to market first. Protect your IP.

The positive impact of GDPR

Lots of information on GDPR focuses on confusion over the Regulations, as businesses try to understand how to apply the new rules. And as we have seen, aside from fines, non-compliance has far-reaching implications for your business. So perhaps it’s time that we looked at the positive side of GDPR.

Ultimately, the Regulations are about protecting our data and making it safer. The obligation is on companies to be clear, simple and transparent in their use of data. Data is a valuable currency, and with so much available this has to be a good thing.

  1. For businesses – GDPR will create some challenges and pain as processes are reviewed and renewed. But it could also create opportunity.
  2. For customers – there is a chance to grow loyalty and increase retention. Businesses that demonstrate clear and transparent data policies can build deeper trust, by showing that you understand customer concerns and value data privacy.
  3. For prospects – GDPR will force companies to focus on quality over quantity. It will encourage relationship building with people who want to hear from you. Instead of talking to those not in the market to buy, you should be dealing with prospects who are more engaged.

If you are feeling frustrated by GDPR read our blog on how to get started. You can also check out our Resources page to find free downloads and guides. By working rationally you can complete the required steps for GDPR and implement systems to ensure ongoing compliance.
