GDPR has not yet hit the headlines in the way that it ultimately needs to.
The ICO continues to issue guidelines and yet their communications appear to be buried amongst the multitude of spam and other general email notifications,
I have spoken to a number of people who are registered with the ICO, and who knew nothing of the recently published articles from the Article 29 Working Party on breach notification and automated individual decision-making and profiling.
For reference they can be located from the links here:-
The ICO are still happy to publicise headline fines and high profile cases, such as the charity worker who sent personal data to his own email address, and the lead generation company that were fined £80,000.
However, this does not really highlight the inherent dangers of ignoring the GDPR. What would the equivalent fines under the new regulation?
Research suggests that it could be multiplied by a factor of 70+
The maximum fine under the DPA is £500,000. However, the highest fine issued to date is £400,000.
Under GDPR the maximum fine increases to 20,000,000 Euros, or 4% of global annual turnover, whichever is the greater.
I look forward to the day when the ICO gives equal significance to the major impact of GDPR as it does to the relatively small fines of today.
