Under GDPR, fines associated with noncompliance are up to 4 per cent of annual turnover or €20 million, whichever is higher. This is the maximum fine that can be imposed upon a business for the most serious infringements, such as not requesting proper customer consent. Fines will work in a tiered approach depending on the severity of the noncompliance, and GDPR enforcement will apply to both controllers and processors.
Individuals are granted increased rights regarding the use of their personal information, including the rights to access, remove and transmit their data and to object to its use.
Under their expanded rights, individuals have the right to know whether personal data concerning them is being processed, where and for what purposes. If the individual asks for their information, GDPR states it must be given to the individual free of charge and within one month.
The right to be forgotten, also known as Data Erasure, allows individuals to require the processor and controller to erase their personal data. As outlined in Article 17, this also includes situations where the data is no longer relevant to the original purposes for which it was being processed. Individuals can also object to their data being used for direct marketing purposes, limiting the ability of marketers to profile individuals for promotional purposes.
Finally, individuals have the right to have their data moved to another controller “without hindrance from the controller”. For anyone who has previously struggled to move banks or phone companies, this will provide the ability to more freely move their accounts and information to another business.
Capitalising on long-term benefits
As with any new change initiative, implementation may be difficult for some firms to manage. Yet as businesses begin to execute, monitor and review controls and procedures to be compliant with GDPR, they will see its long-term benefits. Three of these are outlined below:
The strict guidelines around data security will reduce risks by making businesses less vulnerable to security threats, data loss and breaches, thereby decreasing the likelihood of brand and reputational damage as well as regulatory fines. Higher levels of security will also ensure that customers have trust in and loyalty to your brand and improve brand confidence among the public.
Many firms currently have an overwhelming amount of fragmented customer data stored in their systems with little guidance or understanding of how to use it. Typically, various components of data are stored in multiple locations, leaving businesses exposed to the risk that an update is not applied in every location.