Many business owners wonder, “Do I need to be GDPR compliant? What if I’m not?”
Simply put, you should be GDPR compliant. By ignoring the regulation, your company is put at risk of being liable for heavy fines.
Data controllers will be looking at sites to determine whether a website is compliant based on 10 criteria. The following criteria can be found on www.gdpreu.org:
- Nature of infringement: number of people affected, damage they suffered, duration of infringement, and purpose of processing
- Intention: whether the infringement is intentional or negligent
- Mitigation: actions taken to mitigate damage to data subjects
- Preventative measures: how much technical and organizational preparation the firm had previously implemented to prevent non-compliance
- History: (83.2e) past relevant infringements, which may be interpreted to include infringements under the Data Protection Directive and not just the GDPR, and (83.2i) past administrative corrective actions under the GDPR, from warnings to bans on processing and fines
- Cooperation: how cooperative the firm has been with the supervisory authority to remedy the infringement
- Data type: what types of data the infringement impacts; see special categories of personal data
- Notification: whether the infringement was proactively reported to the supervisory authority by the firm itself or a third party
- Certification: whether the firm had qualified under approved certifications or adhered to approved codes of conduct
- Other: other aggravating or mitigating factors may include financial impact on the firm from the infringement
Regarding the fines, there are two tiers: the Lower Level, up to €10, and the Upper Level, up to €20. The fines are 2% and 4% of the worldwide annual revenue from the previous financial year, respectively.
Obviously, this is a huge amount that can be mitigated by just ensuring your site is GDPR compliant before the May 25th 2018 deadline.
Just Applications offers an easy solution for making sure your site follows the correct privacy procedures (cookies, opt-in/opt-out, etc.). The cost is low and a one-off payment. However, it does not ensure that your privacy policy is sufficient, nor does it cover other aspects of your business.
Please enquire at 0121 285 1050 for further information.