
GDPR – Liabilities to your business


Under GDPR it won’t just be the Data Controller (DC) who is held liable for data processing issues. Liability and responsibility will extend to all organisations that touch the personal data of the data subject(s). This will help to ensure that companies and organisations take a close interest in every part of the data storage and processing chain, to ensure compliance all the way along: within the organisation, and in the choosing and management of third-party relationships.

Privacy Must be Designed and Built-in to the System

Privacy by design means that your software, your systems and processes must be designed around compliance with the principles of data protection every step of the way.

If you use third-party companies, e.g. cloud suppliers, you are reliant on them building in privacy by design, such as encryption. Other elements of your systems, such as bespoke software written before privacy by design was required, or software that doesn’t use encryption, are therefore likely to be non-compliant. Old systems may therefore need to be replaced.

Keeping Audit Logs

Under GDPR something as simple as a published privacy policy will no longer suffice. Companies / organisations will have to keep an audit log of how they are compliant. Privacy must be by default, and companies / organisations must have concrete proof of their compliance.

The Regulations Apply Wherever You are in the World

Under GDPR, any European data protection authority is able to take action against organisations regardless of which country they are based in.

The Penalties are Much Bigger

The penalties for non-compliance with GDPR are much greater than the penalties for non-compliance with the existing Data Protection Act. Figures / analysis by Oliver Wyman, for example, show that FTSE 100 companies could face fines of up to GBP 5 billion for breaches of the GDPR. Had GDPR been in place for the past five years, the top listed UK companies could have been fined GBP 25 billion.

Under GDPR, failing to gain consent to process data, or a breach of privacy by design, will mean that companies and organisations can be fined up to €20 million or 4% of their global turnover (whichever is greater).

Under GDPR, fines will be levied using a tiered approach, depending upon the scope of the violation. Lesser violations, e.g. records not being in order, failure to notify the supervisory authorities, or not conducting a PIA (Privacy Impact Assessment) where one was necessary, could mean that companies and organisations incur fines of 2 per cent of global turnover.


Globalnet aims to be an integral part of your success, providing the best business advice, superior IT support and technology to help you reach your goals.