The General Data Protection Regulation (GDPR) is helping to enhance privacy for consumers whose personal data is handled irresponsibly by businesses. For many consumers, GDPR is a blessing that simplifies the process of controlling their personal data, but for businesses it presents a bevy of new obstacles backed by severe penalties.
In part one of this two-part series, our Houston construction law attorneys examined the effect of GDPR in the United States and how tech giants are resisting the oncoming privacy legislation. In part two, we will examine the penalties for violating GDPR.
Although each case of GDPR noncompliance must be evaluated on its own facts, a set of guiding principles ensures consistency among all data controllers and processors. Supervisory authorities assess fines against businesses that handle personal data using these 10 criteria:
- Nature of infringement: An overview of the infringement, including the number of people affected, the damage they suffered, how long the infringement lasted, and the purpose for which the personal data was processed.
- Intention: Was the infringement intentional or negligent?
- Mitigation: The response to the infringement once it occurred. What actions were taken to mitigate the breach?
- Preventative measures: The level of technical and organizational preparation the firm had in place to prevent noncompliance with GDPR.
- History: How past infringements, including infringements under the Data Protection Directive and earlier corrective actions under the GDPR, bear on the seriousness of a new case of noncompliance.
- Cooperation: The degree to which the businesses in question cooperated with the supervisory authority and aided its investigation.
- Data type: The types of data affected by the infringement.
- Notification: How proactive was the firm's response to a breach of personal data? Did it report the infringement directly to the supervisory authority, or was it reported by a third party?
- Certification: The qualifications and certifications the firm obtained to adhere to GDPR before, during, and after an infringement.
- Other: Any other mitigating factors that warrant further investigation by a GDPR supervisory authority.
The GDPR assesses fines for noncompliance according to the most severe infringement only, even when a business has committed multiple violations. The lower tier of fines can reach €10 million or 2% of worldwide annual revenue for the previous fiscal year, whichever is higher. The upper tier of fines can reach €20 million or 4% of worldwide annual revenue for the previous fiscal year; again, the penalty is assessed at whichever of the two values is higher.
GDPR will soon affect all U.S. businesses. Our construction law experts can help you prepare for GDPR so you can stay compliant from the beginning.
Disclaimer: The information contained in this article is for general educational information only. This information does not constitute legal advice, is not intended to constitute legal advice, nor should it be relied upon as legal advice for your specific factual pattern or situation.