GDPR Non-Compliance: Minimize Risk in Four Steps

Posted by Jeff Pelliccio on Jul 21, 2017 9:00:00 AM

In ICS insights

With just over a year to prepare for required compliance with the GDPR (General Data Protection Regulation) on May 25, 2018, you fully understand that time is short. No matter how much you and your team have read, studied and memorized the key components of the GDPR, you know there are strict penalties for non-compliance.  

The Basic Requirements of GDPR  

While many companies have already adopted certain, many or all aspects of the GDPR, others are still doing the legwork to prepare, so have no fear if you are still in the planning stages. However, it is probably time to start preparing or building your compliance team to make sure you are prepared for all the new GDPR requirements, which include:  

  • One Law Across Europe. You will no longer need to deal with 28 separate national laws when working with your European customers; instead, you will have only one set of EU laws with which you need to comply.  

  • Breach Notice. Any data breaches experienced must be reported within 72 hours.  

  • The Right to Be Forgotten. This regulation gives European customers the opportunity to make requests about certain information held about them in a company's databases.  

  • Data Transfers Outside the EU. As long as you have standard contract clauses prepared and in place, you no longer need to provide DPAs for each transfer. 

  • Marketing Data. There are stricter requirements for companies that want to use customer data for marketing purposes, as well as customers' right to object.  

  • New Assessments of Data Protection Officers. Any company that employs long-term, large-scale monitoring of data subjects must appoint a data protection officer.  

  • Data Protection by Design. Companies that work with European customers must take data protection into consideration in the designing stages of their data processing.  

The Penalties for GDPR Non-Compliance  

Besides learning all you need to know about this new regulation, for the sake of good business practices, you also need to understand all the penalties involved with GDPR non-compliance. The consequences for not following through with preparing for the GDPR implementation are severe and may prove costly for your organization.  

Three primary GDPR non-compliance penalties make the regulation feel so intense and stringent:  

  • Reputational Risk. A data breach is always a penalty in itself, no matter how it occurs, since it casts doubt on a company's data protection practices. With the GDPR, companies must now notify authorities of data breaches, which will likely result in additional enforcement activity. Without having the opportunity to understand the reason for the data breach, companies may find their market position and reputation compromised right away.  

  • Large Fines. The fines for GDPR non-compliance are significant. Companies that do not completely adhere to the General Data Protection Regulation may face fines of €20 million or four percent of global turnover, whichever of the two is higher.  

  • Geographic Risk. More a matter of who is subject to risk than the risk itself, geographic risk illustrates how far-reaching the impact of the GDPR is, as well as who it affects. Anyone that does business with European customers is subject to compliance. This risk involves everyone from merchants to data analytics firms.  

Minimize the Risk of GDPR Non-Compliance with Four Simple Steps 

Looking at those risks, you understand the critical importance of starting your preparation for GDPR implementation now. Take a look at the following four simple steps to minimize the risk of GDPR non-compliance and the tough penalties that could follow:  

  1. Invest in Data Governance. Any organization that has already accumulated large amounts of data while doing business with European customers is subject to the strict penalties going forward and retroactively. With that in mind, data governance is critical. Prepare your data and the processes you use to gather, store, manage and use it. Designate a data protection officer to manage your data governance.  

  2. Build and Implement Technological Infrastructure to Support GDPR Compliance and the Protection-by-Design Approach. Develop a data and analytics infrastructure that is specifically controlled, portable and compliant with your goals. Also, managing data lineage lets you know the history of the data in a snapshot, so having a system focused on illuminating that lineage is important.  

  3. Improve Your Data Security Practices. You are probably always on watch for the most impenetrable security for your organization's benefit, but the GDPR adds a new level of intensity to the search. Focus on privacy rights, proper use of data, notification of use, consent and rectification when it comes to data security.  

  4. Build a GDPR Compliance Team and Make Communication Its Foundation. Train your existing employees on GDPR compliance, and encourage questions and open communication. You may also need to enlist the expertise of consultants—or you may even hire someone permanently—in legal compliance and data protection. 

Let Us Help You Build Your GDPR Compliance Team  

If you are feeling the stress of the highly stringent General Data Protection Regulation, you are not alone. What's more important is that you do not need to face it on your own. No matter how talented your existing staff is, the GDPR is an immense challenge riddled with strict penalties. At ICS, we can help you build a highly specialized compliance team to help you feel more confident as the official deadline looms closer. Message us to discuss what you need to ensure full GDPR compliance.  
