Written by Hannah Richards. Published on Fresh Business Thinking.
Failure to conform to the new GDPR laws will place a huge financial burden on small and large companies alike. The current Data Protection Act (DPA) provides that a monetary penalty notice will charge organisations £500,000 for serious breaches. This will increase dramatically in 2018, forcing companies to reassess their data security to ensure that they are GDPR compliant.
Companies could face fines of up to £20 million or 4% of their annual turnover (whichever is higher), far greater than the current £500,000 fine. This will have an extensive impact on UK businesses: given the poor track record of preventing data breaches, organisations could be paying out as much as £122bn collectively, based on 2015 data breach levels.
This statutory obligation will raise the threat of insolvency or closure for some businesses that will not be able to cover the substantial fines. Supervisory Authorities (SAs) will be empowered by the law to take action against data controllers and processors that have suffered a data breach. They are authorised to issue the fines, which are designed to be proportionate and dissuasive.
The principles set out in ISO 27001 can help guide companies in preparing for the implementation of the GDPR, ensuring that the most effective framework is in place to help avoid a data breach. Preparing for the new policies will help companies avoid the potential risks. The groundwork should begin now, so that the correct procedures are in place and staff are well educated on the policies, and so that the fines can be avoided at all costs.
New policies should be adhered to, and personal information will need to be assessed extremely efficiently. According to Lillian Tsang, commercial solicitor at Harper James, under the GDPR businesses are required to provide further information about collated data, including:
The sanctions on data protection are being tightened, and although breaches already affect company finances, the current impact is a drop in the ocean compared to the potential fines brought in by the new GDPR policies of 2018. It pays to be prepared in this scenario. Companies need to know now how the GDPR will affect their business, whether there are any gaps in their security measures, how effective their data security is, and how to react when a breach occurs.