I have to say that I am quite intrigued with the subject of GDPR. The more I read about these topics, the more my “gut feeling” says that none of the companies I spoke with in the last couple of months is ready for this major regulation adjustment. Most of the employees have no idea, and a data protection officer is something many have never heard of either. Maybe the fact that there is a serious GDPR Penalty System in place, which starts on the 25th of May 2018, will make things clearer. But what kind of GDPR Penalty System?
The GDPR Penalty System: Low Level
The lower level of fine, up to €10 million or 2% of the company’s global annual turnover, will be considered for infringements listed in Article 83(4) of the General Data Protection Regulation. This includes violation of the GDPR regulations relating to:
- Integrating data protection ‘by design and by default’
- Records of processing activities
- Cooperation with the supervisory authority
- Security of processing data
- Notification of a personal data breach to the supervisory authority
- Communication of a personal data breach to the data subject
- Data Protection Impact Assessment
- Prior consultation
- Designation, position or tasks of the Data Protection Officer
The GDPR Penalty System: High Level
The higher level of fine, up to €20 million or 4% of the company’s global annual turnover, will be considered for infringements listed in Article 83(5) of the General Data Protection Regulation. This includes violation of the GDPR regulations relating to:
- The basic principle for processing, including conditions for consent, lawfulness of processing and processing of special categories of personal data
- Rights of the data subject
- Transfer of personal data to a recipient in a third country or an international organisation
Research Credentials regarding the GDPR Penalty System
As you probably already know, I am not legal counsel regarding GDPR and I do not want to be either. It is important to know that specialists around this topic come together. The platform they use is GDPR Associates. They will be able to help you, if necessary, by explaining this legislation and providing you with knowledge about it.
An Association of experts around the globe brought together to assist clients to better understand the implications of GDPR, to share knowledge, advice & guidance.
We are experts in identifying the technology, talent, legal and auditing skills you need to ensure you have a complete, secure, defensible GDPR strategy, allowing you to focus on building your brand, customer, employee and supplier confidence in the digital economy, whilst mitigating the impact of any potential data breach.