![Personal Data – The Regulator’s picking up the pace](https://chadlaw.dnsupdate.co.uk/wp-content/uploads/2019/08/glenn-carstens-peters-203007-unsplash-740x388.jpg)
01
Aug 2019
Personal Data – The Regulator’s picking up the pace
It’s been nearly 18 months since the introduction of the General Data Protection Regulation (“GDPR”) which saw a drastic overhaul for organisations who control and process ‘personal data’.
Some businesses have taken the approach that GDPR is less serious and less consequential than it really is. The real aim of GDPR was to motivate organisations to transform their personal data policies practices to keep up with evolving technology in an increasingly global world.
Should a breach of personal data occur within an organisation, with intent or not, they could be subject to a fine of up to 4% of their annual net turnover or up to $20 million. British Airways was recently fined £183 million for a substantial breach of around 500,000 of its customers’ personal data, including customers’ names, bank details and email addresses. This fine equated to around 1.5% of its annual turnover.
It’s worth emphasising that mere fines aren’t the only method of enforcement action. An employee in the motor industry was sentenced to prison for 12 months and subject to a fine of £25,500 which he was personally liable for, in a case brought by the ICO. The employee, without permission, accessed thousands of records of personal data controlled by his former employer and used this personal data at his new employer; without their permission also.
Chadwick Lawrence’s Crime and Regulatory Team have substantial experience in assisting businesses with personal data compliance strategy, audits and drafting bespoke policies and procedures to confirm with each business’ individual needs. Contact the team on 01924 379 078 today for a no obligation chat on how we can help.
- Like this ? Share with friends