GDPR fines of up to 20M euros coming into play in 2018

Posted on: 11th May 2017


Today it was announced that a Bedfordshire-based cold calling company, Keurboom Communications, has been fined £400,000 by the Information Commissioner’s Office for making almost 100 million nuisance calls.

This is because making automatic marketing calls without people’s consent is illegal. The fine sounds enormous, enough to make a company cease trading, but under the new General Data Protection Regulation, which will come into force on 25 May 2018, a £400,000 fine could be classed as ‘getting off lightly’.

If you fall victim to a cyber security breach in which hackers leak data you were responsible for storing securely, or if customer data is leaked or not used in the correct manner for whatever other reason (GDPR is much stricter on things like information used for marketing), then you could be faced with significant fines.

Eduardo Ustaran, European head of privacy and cyber security at law firm Hogan Lovells, has said: “The countdown has begun. Businesses operating in Europe or targeting European customers have a year to get their act together and prepare for the new regime.”

The fines are separated into two different types:

  • Breaches related to the controller and processor obligations, certification body obligations or monitoring body obligations: up to 10,000,000 EUR or 2% of total worldwide turnover, whichever is the greater (GDPR Article 83(4))
  • Breaches related to the basic principles of processing, content, data subject rights, transfer of data, non-compliance: the highest fine, up to 20,000,000 EUR or 4% of total worldwide turnover, whichever is the greater (GDPR Article 83(5))

The complete GDPR article can be read here, which details all aspects of the new legislation.

How can I make sure that my business is prepared for the General Data Protection Regulation?

The last thing any business needs is to have to pay huge fines which could have been avoided had the correct procedures and cyber security measures been in place.

We can make sure your business is prepared against cyber attacks and that you meet the new regulations. We offer Cyber Essentials and Cyber Essentials Plus services, meaning we can get you up to the high security standards required to sufficiently protect your business and the data it is responsible for. We can also review your business to see if there are any areas that could potentially result in fines.

Get in touch with us today to take the first steps in protecting yourselves against fines that can be avoided with our help.