The Penalties of Ignoring GDPR
GDPR was introduced in 2018 and at the time most people received the basic training and promptly forgot all about it. Now we are over 4 years down the line and the Data Commissioner’s Office is implementing penalties against more companies on a day-to-day basis. If you fall into the aforementioned category, having forgotten all about GDPR, now is the time to refresh your training and get practices and procedures into place, as the legal ramifications are starting to gather steam and there are many claims for data breaches working their way through the courts.
Failing to be GDPR compliant, with all your policies in place and correct storage of data, can result in a data breach. This is a nightmare situation, the fallout of which can be huge and result in some or all of the following scenarios:
- Huge costs – Last year (2022) the Data Protection Commission conducted 17 large-scale enquiries resulting in excess of 1 BILLION EURO worth of fines. You might read that and think “that’s for the big guys though, with huge multinational companies” and you are likely right; however, in November 2022 the DPC had fines ranging from €1,500 to €17 million confirmed in the Dublin Circuit Court. €1,500 is most likely not a fine being dished out to one of the “big guys”, and it is a fine that could quite easily derail a solo business or SME. GDPR really is for businesses of all sizes (read my last blog if you need convincing).
- But that’s not all – Whether or not the DPC decides to fine you, you could also have legal action taken against you by the subject of the data breach, or by any staff members who were also impacted. Both the business as a whole and individual staff can be sued, leading to huge payouts. Think of this like a situation where someone has a car accident, is tried and fined for dangerous driving, and is then sued by the other party involved for a personal injury claim… the same can happen with a data breach.
- Your insurance may not cover the legal costs of a claim – this is the same as leaving the keys in your car, then being surprised when your car is stolen and annoyed when the insurance won’t cover the costs. If you’ve chosen to ignore the GDPR guidelines and can’t prove otherwise, your insurance company may not cover you for those huge costs mentioned above.
Then to move on to the slightly less scary but no less important results of ignoring GDPR and being non-compliant…
- A data breach can lead to loss of reputation – Imagine being the business that ends up in the local papers or the subject of “did you hear about…” around the town. A bit like bad reviews, being dragged through court for losing people’s data is news that will travel fast and be damaging to the reputation you’ve worked hard to build.
- Audit by the Data Commissioner’s Office – who can fine you up to 4% of your annual turnover (as mentioned above). This is also published in local and nationwide media, not to mention the sheer amount of paperwork, paper-trail chasing and administrative work.
GDPR needs to be thought of in the same category as insurance, VAT and Revenue – it’s something you HAVE to deal with. Sure, you can take the gamble and ignore it, but do you really want to leave yourself open to the possibility of an issue coming up?
All of the above possible ramifications can be avoided by doing some legwork and taking the time to at least cover the following:
- Providing adequate training to all members of staff
- Putting into place compliant procedures to make sure personal data is only processed, shared, retained, stored, or transported within the correct guidelines.
- Having auditing carried out at regular intervals.
- Having someone in place to oversee the GDPR operations.
- Listening to, understanding, and embracing the need for GDPR to be implemented ASAP.
GDPR doesn’t have to be scary. I aim to take the fear out of GDPR and can audit your company, pointing out where a breach could happen and helping you to prevent this and avoid any of the above situations!