Referring to the GDPR (see previous post), the Information Commissioner says, “This law is not about fines” but goes on to point out that: “It’s true we’ll have the power to impose fines much bigger than the £500,000 limit the DPA allows us. It’s also true that companies are fearful of the maximum £17 million or 4% of turnover allowed under the new law.”
She then says: “it’s scaremongering to suggest that we’ll be making early examples of organisations for minor infringements or that maximum fines will become the norm… the GDPR gives us a suite of sanctions to help organisations comply – warnings, reprimands, corrective orders. While these will not hit organisations in the pocket – their reputations will suffer a significant blow… And you can’t insure against that.”
You might think that’s just a different kind of scaremongering!
If you would like a short (4 page) briefing document setting out what SMEs need to be doing right now, please drop an email to firstname.lastname@example.org. If you would like to attend a practical seminar in Milton Keynes on what the changes are and how to implement them, please sign up using this link: