GDPR Penalties & How You Can Protect Your Business.


The General Data Protection Regulation

Since our last article on GDPR in March, all of the new regulations have been put in place and have been in full effect since May. Despite this, some businesses have not taken the time to look into these new regulations and, as a result, are facing heavy fines reaching into the hundreds of thousands of pounds, or even up to twenty million euros.


What Is GDPR?


The General Data Protection Regulation came into effect on 25th May 2018 and was made as an extension of the updated 2018 Data Protection Act. It also replaces the 1995 Data Protection Directive. The GDPR has introduced a range of new regulations which change how a business can carry out marketing campaigns and collect user data. These new regulations include:

  • New purpose limitations for collected user data (collected data must be used only for the specified purpose and not in any other manner unless the specific user gives consent).

  • New regulations on how user data must be processed in order to keep sensitive information safe (appropriate technical and organisational measures must be put in place to prevent accidental loss, damage, or unauthorised/unlawful access).

  • Controllers must retain evidence that the user has legally consented to the collection of their data for specific purposes.

  • The 'Right To Be Forgotten' has been replaced with a more limited 'Right of Erasure': under Article 17 of the GDPR, a user who has provided personal data has the right to request that it be erased on a number of grounds.

These are just a few of the new regulations put in place a few months ago.


What Actions Can Warrant Fines & How Much Can They Be?


Over the past few months, many companies have become subject to penalties under the GDPR. The maximum penalty for infractions against the GDPR can reach €20,000,000 or 4% of the business's annual turnover, whichever is greater. Although the maximum fine has not yet been issued, many companies, large and small, have been receiving penalties.

Some of the fines that have been given are:

  • A marketing firm was fined £100,000 for making 75,649 nuisance calls to people who had opted out of receiving marketing calls by registering with the Telephone Preference Service (TPS).

  • A company that investigates sexual abuse against minors was fined £200,000 after revealing the identities of a number of abuse victims in mass emails.

  • A financial solutions company was fined £300,000 after it instigated automated marketing calls to people who had not given consent.

  • A high-street mobile phone company was fined £400,000 after serious failures put both customer and employee data at risk.

  • A police force was hit with a £150,000 penalty after three DVDs containing footage of interviews with victims of violent crimes were lost in the post.


How Can You Protect Yourself?


It is highly advisable that you familiarise yourself and others in your business or organisation with the new laws and legislation that are part of the GDPR and other data protection laws. By doing this you can begin to understand what you should avoid doing in order to keep your business operating within the law. You can also start to put in place measures that will prevent breaches of data protection laws from happening inside your firm.

You may need to dedicate a member of staff, or hire additional staff, to focus on ensuring that your business is compliant with the new data protection laws. Their responsibilities could include maintaining both physical and digital security to prevent any unauthorised/unlawful access to user data; keeping user contact preferences up to date, whether a user allows only certain means of contact or none at all, and recording them on file so that their privacy is respected; and holding briefings that inform all staff of the GDPR regulations and the severity of the penalties that can be given if breaches occur.

We are assisting companies to help them ensure that their data is accurate, up to date and opted in, in accordance with the new data legislation. If you hold a database of customers, it will need to be brought into line with this new legislation. If you would like to speak to us about the GDPR services we are currently offering to businesses, then do get in touch with us.