Consequences of GDPR non-compliance
Not complying with the GDPR implies that you are unlawfully processing personal data of the persons concerned and/or not taking the required security measures.
This may mainly result in:
A. Data breaches and theft of sensitive information such as trade secrets
Many obligations following from the GDPR have as their purpose to ensure that you process personal data in a thoughtful way, adequately protecting your (personal) data and your entire ICT infrastructure against undesired access, both from within and from outside.
This means that by complying with the GDPR, you will also better secure and protect your company against cyberattacks, data breaches, etc. Furthermore, duly organising the way data is used and accessed in your company will also protect other sensitive business information and trade secrets from being easily accessed by unauthorised persons and/or leaked to third parties.
B. Complaints by customers, clients and employees
Citizens are becoming more and more aware of their privacy, of the importance of data protection and of the obligations of businesses with regards to data protection.
This means that your clients, customers and employees may also disapprove if you do not treat their personal data in a GDPR-compliant way, and may complain about this to you, to third parties, on social media or to the government.
They may also try to use this against you. For example, if there is a disagreement or a dispute about something related to your relationship with these persons, they may try to use your non-compliance in their favour, such as by threatening to file a complaint with the data protection authority.
C. Administrative audits and administrative fines
The data protection authorities may start an audit, triggered by a complaint or on their own initiative, when they notice that some of your publicly available information or communications appears to be non-compliant.
In that case, you will have to demonstrate that you comply with all provisions of the GDPR, which will take time and effort. And if non-compliance is established, this may result in administrative GDPR fines, which may in theory amount to up to 20 million euros (or 4% of the total worldwide annual turnover of the preceding financial year, if that amount is higher). In practice the level of the fines will be much lower and will depend on the kind of infringement and the effort you have already put into complying with the GDPR, but this is of course not something you want to test.
D. Other local criminal fines and criminal charges under national law
Depending on the countries in which you are active, local laws may impose criminal prosecution and fines in case of non-compliance.
E. You may become ineligible to participate in public tenders or to work for clients or customers who must be GDPR compliant themselves
When you provide services to public authorities or to customers or clients in regulated sectors, they will often require their suppliers to be GDPR compliant. Non-compliance may therefore exclude you from being able to participate in such projects or calls.
F. Negative publicity
Not being GDPR compliant may cause negative publicity, for example among clients who care about their privacy, by being called out by activists on social media, or by being mentioned in the press when a data breach occurs.
Time for action!
Start today with your GDPR compliance. Don’t know where to start? Read our section on “Where to start compliance?”