One of the most talked about aspects of GDPR is GDPR compliance and non-compliance fines. They can be extraordinarily high – some as much as 4% of a business’ global revenue, or €20,000,000 whichever is higher.
What’s not often discussed is how the GDPR regulation is going to be enforced – who is it that will come knocking?
They’re called Supervisory Authorities (SAs) and they have a number of investigative and corrective powers to bring to bear. Below is a non-comprehensive list of what they can do:
- They can conduct audits
- Review certifications
- Issue warnings should it appear a GDPR violation may occur
- Order a processor or controller to comply with GDPR
- Impose limitations, and even bans, on processing
- Impose administrative fines
- Suspend data flows it deems non-compliant
Each member state of the EU will appoint a SA who will work with other member state SAs. A business will have one “lead” SA and a European Data Protection Board will coordinate the SAs.
If your business processes or stores data on citizens of the EU and you’re concerned about GDPR compliance, contact-us. The deadline for compliance is May 25, 2018.