The General Data Protection Regulation (GDPR) came into effect on 25 May 2018 and has brought about a step change in the risk organisations face in how they process personal data.
A new principle of accountability sitting with businesses, enhanced data subject rights and increased expectations on both data controllers and processors all combine to mean that developing a compliance culture is now a necessity rather than a ‘nice to have’.
The cost of not taking GDPR seriously will be very real. Breaches of the new rules could lead to increased fines and have a highly detrimental impact on an organisation’s reputation. The maximum fine for non-compliance will now be set at 4% of worldwide turnover in the preceding financial year or €20 million. Under the Data Protection Act the maximum fine for non-compliance is much lower – £500,000.
GDPR applies across Europe, making a consistent approach easier than it has been historically. Our CMS data privacy group is at the front of all legal, industry and market practice in this area.
With the correct support, GDPR compliance need not be an overwhelming task. Our resources help you address issues and priorities in the context of your organisation. If you are looking for more information, please contact us.