GDPR: Should Businesses Be Worried?
The General Data Protection Regulation (GDPR), the EU’s comprehensive data protection regulation, comes into effect in nine months.
The measure includes the possibility of massive fines for businesses: up to $22 million or four percent of a company’s global revenue. The UK’s information commissioner recently published a blog post to assuage this fear.
“It is scaremongering to suggest that we’ll be making early examples of organizations for minor infringements or that maximum fines will become the norm,” wrote Elizabeth Denham.
GDPR requires companies to protect private data that comes their way. The regulation applies not only to companies resident in the EU but also to all companies that offer goods and services to EU residents.
Denham goes on to claim that there’s a lot of misinformation out there about what GDPR is all about, for example, that GDPR will stop dentists ringing patients to remind them about appointments, and that it will devastate small businesses.
“If this kind of misinformation goes unchecked,” wrote Denham, “we risk losing sight of what this new law is about – greater transparency, enhanced rights for citizens and increased accountability.”
Denham pooh-poohed the notion that governments will be levying massive fines against businesses. “This law is not about fines,” wrote Denham. “It’s about putting the consumer and citizen first.”
It’s true that the possibility of huge fines exists under GDPR, “but it’s scaremongering,” according to Denham, “to suggest that we’ll be making early examples of organizations for minor infringements or that maximum fines will become the norm.”
Despite Denham’s calls to reduce scaremongering around the hefty fines associated with GDPR, Patrick Lastennet, director of marketing and business development at Interxion, warns companies not to take a wait-and-see attitude over whether the rules will be strictly enforced, or enforced differently in some countries than others.
“Customer data must be safeguarded,” he said, “and the GDPR rules aren’t luxuries. They’re solid best practices that every company should be following. They will help you win more business in Europe. Spend the time now securing your customer data, and don’t run the risk of a headline-grabbing fine and the damage to your brand’s reputation.”
And Denham admits, for her part, that companies will be subject to “heavy fines for serious breaches.” “But we intend to use those powers proportionately and judiciously,” she added. “And while fines may be the sledgehammer in our toolbox, we have access to lots of other tools that are well-suited to the task at hand and just as effective.”
GDPR gives the authorities a suite of sanctions to help organizations comply, such as warnings, reprimands, and corrective orders. “While these will not hit organizations in the pocket,” wrote Denham, “their reputations will suffer a significant blow.”