The Information Commissioner’s Office (ICO) has gone some way to explaining the fines and penalties that organisations can face under GDPR. But they have also said that the financial implications should not be the sole reason that you comply with GDPR.
The point of GDPR is to put the public and the individual first when it comes to what is done with their personal data and who has access to it. And it is that which should be the organisation’s driving force to be more transparent.
Previously, the maximum fines that could be given in the event of a breach of the Data Protection Act were £500,000. With the advent of the GDPR, the ICO has the power to impose fines much higher than that. It’s also true that companies are fearful of the maximum £17 million or 4% of turnover allowed under the new law.
Under the new law, the maximum fine is £17 million or 4% of an organisation’s annual turnover, whichever is greater.
But the ICO has a history of using fines as a last resort. After all, it’s aim is to ensure high standards are maintained and to arm organisations with as much information as possible. During the period of 2016/2017, the ICO concluded 17.300 cases, with only 16 of them resulting in a fine.
