Some businesses are keeping their heads in the sand while others are fearful of what’s ahead, but the forthcoming General Data Protection Regulation (GDPR) could, in reality, be a force for good.
On one hand, the new obligations threaten punitive fines for non-compliance, poor accountability and data breaches. The new rules apply to all organizations that deal with the personally identifiable information (PII) of EU residents. This covers both the organizations' employees and the consumers of the services they provide. These fines are also intended to be taken seriously, rising to 4% of annual worldwide turnover or €20m – whichever is higher. Consequently, weighing up the cost of prosecution versus the cost of compliance is no longer an option.