
How to Pay Millions in GDPR Fines

Wondering about GDPR penalties? These actions (and inactions) increase your risk of fines.

by Maxine Henry
April 24, 2018
in Data Privacy, Featured

10 Behaviors That Will Put Your Organization at Risk

If your company isn’t ready to comply with the GDPR, then you may need to sound the alarm. Fines for noncompliance could be 4 percent of your company’s annual global revenue. This is not a joke. If you don’t want to be responsible for putting your company in serious jeopardy, then review these 10 behaviors most likely to put your company at risk for noncompliance.

Everyone is talking about the EU’s General Data Protection Regulation, and it’s no wonder why. With 99 rules to comply with by May 25 — the date it goes into effect — GDPR compliance can be a daunting challenge.

But if you don’t comply, it will cost you. Penalties for violating the GDPR can be harsh: as much as €20 million (about US$23 million, as of this writing) or 4 percent of your organization’s annual global revenue, whichever is greater. For some types of infractions, the maximum penalty is lower: up to €10 million, or 2 percent of the previous year’s global revenue.

Nobody wants to pay that hefty penalty, right? Judging from reports, though, it seems that quite a few businesses may be in danger of having to.

Large global firms may spend as much as $7.8 billion on GDPR compliance, according to Bloomberg. Nevertheless, more than half of those organizations won’t be ready by May, consultants predict.

“If you want to dance,” the saying goes, “you must pay the fiddler.” Conducting business with EU citizens and businesses without full GDPR compliance can be an expensive dance, indeed.

By doing your due diligence, though, you can avoid the sting of strict penalties and harsh fines. To help, I’ve put together a list of 10 behaviors most likely to put you at risk for noncompliance and cost your business under the GDPR:

1. Collect personal data from EU resident citizens for one reason, then use it for another.

The GDPR requires you to ask permission to collect, process, store and share any personal data from EU citizens residing in any of the 28 EU member states and to state specifically how and why you are using the data. If you decide to use it for something else, you must obtain their permission again.

2. Share the EU citizen data you’ve collected with someone else — without notifying the data’s owner.

The requirement noted above applies to sharing data with anyone, including third-party vendors.

3. Collect as much data as you can, whether or not you need it.

The GDPR limits the personal data your business can collect, prohibiting, in most cases, information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership and genetic, biometric, health and sex life or sexual identity data.

4. Don’t tag or track the data your business collects.

Under the GDPR’s “right to be forgotten” provision, any EU citizen who has permitted you to store or use their data also has the right to demand that you remove it from your system and servers — and from the databases of all with whom you have shared it. Since a 2014 court ruling granted EU citizens this right, 2.4 million entities, 90 percent of whom are private citizens, have reportedly had links to their personal information removed from Google. Without a good tagging or tracking system for all the data your business collects, you increase your risk of running afoul of this rule.

5. Have your customers sign a multipage privacy agreement full of legal jargon.

Under the GDPR, the privacy policy disclosing how you will process personal data must be “concise, transparent, intelligible and easily accessible,” written in clear and plain language and free of charge.

6. Don’t train your people in GDPR or data privacy and security.

Because people, not technology, are the weak link in privacy and security efforts, making sure everyone in your organization knows how the GDPR affects them, your organization and your clients can go a long way toward demonstrating a good-faith compliance effort should you be threatened with penalties.

7. Avoid the hassle and expense of a data protection officer.

The GDPR, via Article 37, requires enterprises processing “large amounts” of EU personal data to designate a data protection officer. The DPO’s duties include informing the company and its employees (see number 6 above) about how to comply with the law, overseeing the training of data processing staff and conducting regular data privacy and security audits. DPOs also serve as the liaison between your enterprise and the authorities governing data-related activities. If there’s a request to remove someone’s data, the DPO gets it removed. If there’s a breach, the DPO reports it.

8. Don’t worry about getting hacked.

If your business’ systems or networks are breached and EU citizen data is compromised, you run a very high risk of paying the maximum fine.

9. Take your time reporting security breaches.

Under the GDPR, if your data is compromised, you must report the breach to the appropriate authorities and to the data owners within 72 hours of the incident. Failing to do so may cost you.

10. Do it yourself.

The GDPR has 99 rules, many of which are open to interpretation. Juggling all the stipulations using spreadsheets, or trusting your staff to keep track of where your business falls short, is an easy way to fall out of compliance.

The high price of noncompliance may be the most widely known aspect of the GDPR, and it has many organizations scrambling to get everything into place by May 25. The good news is that careful recordkeeping can go a long way toward mitigating the penalties should you be found in breach of this regulation. How prepared are you to make the case for your enterprise?

Maxine Henry

Maxine Henry is a GRC expert at Reciprocity. She is actively engaged with helping customers take a holistic approach to governance, risks and compliance. Maxine has consulted at major firms including The Walt Disney Company, Cylance, Experian and Hyundai Autoever America. Her accomplishments and skills include governance, risk and compliance cybersecurity; data privacy and protection; e-discovery and General Data Protection Regulation (GDPR). She has helped clients strategically and tactically with developing technical and compliance solutions.