GDPR: The Truth about Fines
As awareness began to climb around GDPR, towards the end of last year, the media had focussed on the headline-grabbing fines that might be levied for those businesses found to be non-compliant – headline-grabbing indeed; but not reality for most businesses subject to GDPR. In fact, Elizabeth Denham, the UK’s Information Commissioner herself warned last December of ‘scaremongering because of misconceptions.’
If you are looking for advice on your GDPR Compliance, take note that anyone talking about fines or suggesting, still, that everything is about gaining consent should perhaps be given a wide berth, as this is not the reality.
Corrective measures, of which fines are one, will be determined by national supervisory authorities – the Information Commissioner’s Office, the ICO, in the UK.
Other measures may include imposing restrictions on processing data, reprimands or a requirement to achieve compliance. In our view, the real risk is the publicity around such failings, which may just be a disgruntled individual sharing their disappointment via social media – clearly a competitive advantage for those rival businesses that take compliance seriously. And, perhaps, this is the real issue; reading last week that 82% of individuals will look to exercise their new-found rights under GDPR, post-May, it’s how businesses will be judged when it comes to good management of the data that they process; much of which will be clients’/customers’ and numerous contacts that are highly valuable to their organisation. Why would you not wish to be seen as leading the way in your sector on good data management?
Of course, we are seeking that, many remain confused about where to start with GDPR and what steps they should be taking – one of the most overlooked aspects of GDPR is the need for many to demonstrate compliance; we have therefore adopted a practical approach to GDPR, using our GDPR Toolkit, with follow-up support to assist businesses over the next 100 days. The worry should not be around fines but instead a much greater risk; your rivals gaining a competitive advantage, within your sector, over you!
If you are still unsure where to start, and would like some practical help on your GDPR process, sign up for our Practical GDPR Workshops, seek a copy of our GDPR Toolkit or contact us for an initial discussion about where you are now and what steps you can take to be ready by 25 May 2018.