BLOG

GDPR Myth #6: No one will know if I don’t comply with GDPR

blog-article-img
Mar 09, 2018 GDPR News GDPR

It’s not true. If you do absolutely nothing to prepare for GDPR, take 25 May off, put your out-of-office on and don’t pay any attention to anything related or connected to GDPR, you’ll be found out pretty quickly.

What happens if I don’t comply with GDPR?
First of all, people will know you aren’t complying because your privacy notices will not be GDPR compliant. They must identify the legal basis for processing data, and if that’s consent, then the consent being taken must comply with GDPR rules.

GDPR consent rules are a lot more specific than previous ways to collect consent, so much so that consent which does not meet GDPR requirements will not be valid after 25 May and you’ll be in breach of GDPR if you rely on it.

Responding to Subject Access Requests – no more £10 fee
Another way you could get found out is when people start making Subject Access Requests. Under GDPR, these are free and must be completed within one month. So as soon as one of your staff send out that standard reply to receiving a SAR that they can’t process it till the £10 fee has been paid, you’ll be breaching GDPR.

If you decide to just pretend to comply, by updating your privacy notices, identifying the legal basis for processing, refreshing consent and informing people of their rights to access their data, you’re halfway there and might as well just go the rest of the way by sorting out your back-end operations to become GDPR compliant.

It is true that you might only be found out if something goes wrong; if there’s a data breach or someone makes a complaint. This is where the sanctions from the supervisory authority come in. They have been set at such a high level, 4% of global turnover or €20m, not to scare those who are trying their best but to punish the rogue businesses who just don’t want to bother.

Let’s face it, there are many unscrupulous companies out there who make money by abusing people’s data, and write-off fines and sanctions as just the cost of doing business. GDPR is designed to tackle those kinds of data abuses, not the honest mistakes of organisations who are doing their best.

Even if you can’t get everything ready on day one, write a plan. Include milestones and realistic dates. Be ready to show the regulator how you are trying to comply with GDPR and all the steps you are taking to do so, even if it’s not all finished yet. No one can expect perfect compliance from the very next day, but doing absolutely nothing is just not an option.

RELEVANT COURSES

BACK TO ALL POSTS

NEXT

side-bar-post-img
Mar 09, 2018 Interviews GDPR
Interview of Theodoros Kringou, Managing Director of Infocredit Group
READ MORE
side-bar-post-img
Mar 09, 2018 ICSA GDPR
Tom Morrison Essay Prize - £1000

Be in with a chance of winning £1000 1st Prize and £500 2nd Prize by entering our essay competition.
READ MORE
side-bar-post-img
Mar 09, 2018 VinciWorks GDPR
Impactful story-based diversity training

Recent events have once again highlighted racism and grave injustices towards people of colour, accentuating the need for both continued and renewed introspection and action to fight against racism. Our course, Diversity and Inclusion at Work: MyStory, sheds light on instances of discrimination, racism and bias all too frequently experienced by people in the workplace.

READ MORE
side-bar-post-img
Mar 09, 2018 Training News GDPR
How Essential Is eLearning To Our Lives?
READ MORE
side-bar-post-img
Mar 09, 2018 VinciWorks GDPR
Training that goes beyond ticking the box

Regulated businesses are required to undertake training relevant to their staff’s roles and responsibilities to ensure they have the necessary skills to protect the organisation against money laundering and terrorist financing.
READ MORE
side-bar-post-img
Mar 09, 2018 GDPR
Tom Morrison Essay Prize

Be rewarded for your original thinking.   Enter our essay competition to be in with a chance of winning £1000.
READ MORE