Penalties - Payments, Press and Prosecution

“It has been widely publicised that the penalties under GDPR are much more severe than under the Data Protection Act 1998. The penalty which has received the most coverage is the monetary fine, issued by the ICO. Currently the ICO has the power to issue a fine of up to £500k. Come 25 May 2018, under GDPR, the ICO will have the power to issue a fine of up to £17m or 4% of global turnover, whichever is higher.

Secondly, and a penalty which I have found to be much more costly for businesses than any fine, is the publicity the ICO is allowed to generate relating to your sanction. When sanctioned, the ICO will issue a press release, detailing your breach and the sanction they have imposed upon you. Current customers will hear about the data breach, potential customers will hear about the data breach, competitors will hear about the data breach. The impact on the sustainability of your business can be catastrophic.

Thirdly, the ICO have the powers to issue criminal proceedings against your organisation for failure to comply with the legislation. And you could find yourself in court again, being sued by the data subjects for failing to protect their personal data. 

Do you think your business could survive these consequences?

To find out more about how we can help your organisation become compliant with GDPR - visit”.