Priviblog

The Penalties for Non-Compliance with the GDPR

Posted on 11/10/2018


Last week we wrote about some recent UK data breaches. At Priviness, we offer a full assessment and report of your organisation’s current level of GDPR compliance as well as training for staff members at all levels. For those companies that are still taking a business-as-usual approach, we thought a little reminder of the penalties for non-compliance might be apposite.

Legislation with Teeth

The European Union has granted the relevant supervisory authority in each EU country the powers to impose corrective sanctions and administrative fines on organisations that do not meet the required standards for data security. These powers are laid out in full in Article 58 of the GDPR.

Corrective Sanctions

The UK’s supervisory authority is the Information Commissioner’s Office. Organisations that come under its investigation may face corrective sanctions. These include:

  • Formal Warning. Issued when an intended infringement comes to the attention of the supervisory authority.
  • Reprimand. Issued when an infringement has occurred.
  • Order to Comply. If a data subject feels that one of their rights has been infringed because an organisation has failed to comply with their request that their data be deleted or rectified, the supervisory authority can order that organisation to comply.
  • Ban on Processing. An order to limit data processing, up to and including an outright ban.

Administrative Fines

The administrative fines are laid out in paragraphs 4 and 5 of Article 83 of the GDPR. These are the powers that have made the headlines. There are two tiers of administrative fines:

  • Tier One: Infringement of data security obligations -- 10 million EUR or 2% of total worldwide turnover of the previous financial year.
  • Tier Two: Infringement of data subjects’ rights -- 20 million EUR or 4% of turnover.

Note that these maximum fines refer to turnover not profit. Fines of this magnitude could be extremely damaging -- even to the giant multinational corporations.

At Priviness, we provide comprehensive training on privacy and data protection legislation, including GDPR and other global laws. For further information, please call 0203 2878 243 or email info@priviness.eu.

For the latest news relating to data protection, follow us on Twitter.
