Create and maintain a defensible and proactive strategy for GDPR Compliance
The General Data Protection Regulation (GDPR) came into force in May 2018, building on the strong data protection principles set out in 1995 in the Data Protection Directive.
Its main objectives are:
the harmonization of the fragmented data protection landscape that existed under 28 different national laws, to provide legal certainty for individuals and for businesses in, or operating in, the European Union (EU);
an improved governance structure centered on independent national data protection authorities; and
the strengthening of individuals' rights.
The regulation gives supervisory authorities expanded investigative and corrective powers, including issuing warnings of noncompliance, carrying out audits, ordering remediation, and suspending data transfers to other countries.
More significantly, the regulation empowers supervisory authorities to issue substantial penalties for noncompliance. Depending on the violation, organizations could face fines of up to €20 million or 4% of global annual turnover, whichever is higher.
Significant fines were imposed in 2019-2020, including against Google (€50m – France), TIM (€27.8m – Italy), Austrian Post (€18m – Austria), Wind Tre S.p.A (€16.7m – Italy) and Deutsche Wohnen (€14.5m – Germany). Beyond their size, these fines show that supervisory authorities are increasingly willing to penalize a broad range of infringements, including over-retention of personal data (the basis of the Deutsche Wohnen fine).
Lighthouse’s GDPR offering includes three components – planning, legacy data remediation, and ongoing support services.
A Lighthouse expert is available to answer questions about your information governance needs.