Understanding the GDPR

Risks

25 May 2018 saw the greatest change yet in data protection law. The Data Protection Act 2018 came into force in the UK, incorporating the EU’s full General Data Protection Regulation (GDPR) – which has continued to apply in the UK after Brexit as the retained “UK GDPR”. It’s important to understand the risks you face if you don’t comply with the law – which could include very significant fines.

The GDPR also applies to organisations outside the European Economic Area if they offer goods or services to, or monitor the behaviour of, individuals in the EU – it is the location of the people whose data you process that matters, not their citizenship or yours. There really is no escaping the requirements of the law!

The law can be complex and, of course, open to interpretation. Our consultants understand the law and how to make it work in your business – so contact us for an initial no-obligation chat.

In the meantime, here are some of the key points about the change to the GDPR:

What are the penalties for non-compliance?

If you fail to comply with the GDPR – whether or not a personal data breach follows – the ICO can impose administrative fines of up to €20 million or 4% of your total worldwide annual turnover, whichever is higher, for the most serious infringements. Separately, the Data Protection Act 2018 makes certain conduct a criminal offence, such as knowingly or recklessly obtaining or disclosing personal data without the controller’s consent, which is punishable by a fine.

Most organisations that process personal data must also pay an annual data protection fee to the ICO. Failing to pay is not a criminal offence, but it carries a fixed penalty of up to £4,350 (150% of the highest fee tier).

The number of fines levied, and their value, increases year on year. The ICO takes data security breaches very seriously.

“What if we don’t get found out?”

You can’t just hope that no one discovers your data breach. Under the GDPR, you’re required to notify the ICO of any personal data breach unless it is unlikely to result in a risk to individuals’ rights and freedoms – and to do so without undue delay and, where feasible, within 72 hours of becoming aware of it. Where the breach is likely to result in a high risk to individuals, you must also tell the affected individuals themselves without undue delay. Failing to notify is an infringement in its own right, carrying fines of up to €10 million or 2% of your total worldwide annual turnover, whichever is higher.

It’s not just the ICO

Depending on your sector, you could be open to fines from other regulatory bodies, too. The FCA, for example, can impose unlimited financial penalties – and it can withdraw your authorisation to carry on regulated business.

It’s not just your own compliance!

You should be concerned not only about your own compliance with the GDPR but also that of any partners to whom you pass personal data in the course of your business. If you are the controller, you may only use processors that give sufficient guarantees that they will protect the data, you must have a written contract in place with them, and you remain legally responsible for how they handle and protect that data.

It’s not worth the risk

The cost of being found in breach of data protection law is significantly higher than the cost of bringing in the expertise of a firm like Data Protection Consultancy. So why risk it?

We offer expert data protection help and advice, audits, policies, training and other consultancy services. We can help your organisation to stay on the right side of the law – and breathe a sigh of relief.

Example breaches

In 2018, a personal finance brand was fined £16.4 million by the FCA (the FSA’s successor) for failing to prevent a cyber attack on its customers’ accounts.

In 2018, the ICO fined Facebook £500,000 for its role in the Cambridge Analytica scandal – the maximum fine available under the old Data Protection Act 1998, which applied because the conduct pre-dated the GDPR. Under the GDPR the ceiling would have been far higher.

A building society was fined £980,000 by the FSA for the loss of a laptop which contained confidential customer data.

The ICO fined a firm £250,000 for making nuisance marketing calls relating to personal injury claims.

Charities have been fined up to £250,000.

Read more about the ICO’s biggest fines and recent FSA fines.