What are the risks of non GDPR compliance?

Companies doing business inside and outside of the European Union cannot afford, financially or reputation-wise, to store and process personal data in a way that does not comply with the GDPR.

Data confidentiality has become a crucial concern, and data protection is one of the most important issues facing our ultra-connected era. Progress in Information and Communication Technologies (ICT) has dissolved global borders and given citizens worldwide access to global financial, artistic, business and political opportunities. Easier global communication has made it possible for people across the planet to stay informed through a wide range of media.

At the same time, this progress has opened the gates to the massive mining of data on millions of consumers, creating previously unimaginable commercial activities, both directly and indirectly, from the exploitation and commercialisation of their personal data.

Indeed, immeasurable quantities of personal data are collected every single day by companies and administrations, through various technical operations, both with and without consumer consent to the use of their data.

To address the personal risks of data processing, the European Union has established and implemented important measures to guarantee that data processing is secure and respectful of citizens’ rights. This vision is the foundation of the General Data Protection Regulation, which establishes strict, clearly defined rules that everyone processing personal data must adhere to.

What are the risks of not complying with GDPR?

In order to enforce compliance, and to uphold citizens’ rights to the protection of their personal data, the GDPR calls for active sanctioning of companies that do not respect the regulation.

Let’s take France as an example: France adopted the Law for a Digital Republic, which raised the sanction cap from €150k to €3M for first-time GDPR breaches.

The CNIL (the French government commission mandated to ensure that information technology development respects privacy, individual rights and public liberties) requires sanctioned companies to inform data subjects (and the national commissions monitoring and enforcing the GDPR) of data breaches, at their own expense.

  • Fines of up to €10M or 2% of annual global turnover for failures in Privacy by Design, Privacy by Default, PIA (Privacy Impact Assessment), etc.
  • Fines of up to €20M or 4% of annual global turnover for breaches of data subjects’ rights (right of access, rectification, objection, erasure, right to be forgotten, etc.)

Administrative and penal sanctions

Beyond administrative and criminal penalties, a crucial factor that companies must take into account is the risk of ruining their brand and company reputation: customers and partners lose confidence.

To find out more about GDPR obligations and the risks and penalties involved, please visit the European Commission’s official website.

Disclaimer: All data and information provided in this blog post are for informational purposes only. Mediartis makes no representation as to the accuracy, completeness, timeliness or validity of the information contained in this document. We recommend that you consult a lawyer for any legal advice regarding the respect of data protection.
