Who Enforces GDPR Compliance?

One of the most talked-about aspects of GDPR is the fines for non-compliance. They can be extraordinarily high – some as much as 4% of a business's global revenue or €20,000,000, whichever is higher.

What’s not often discussed is how the GDPR is going to be enforced – who is it that will come knocking?

They’re called Supervisory Authorities (SAs) and they have a number of investigative and corrective powers to bring to bear. Below is a non-comprehensive list of what they can do:

  • Conduct audits
  • Review certifications
  • Issue warnings should it appear a GDPR violation may occur
  • Order a processor or controller to comply with GDPR
  • Impose limitations, and even bans, on processing
  • Impose administrative fines
  • Suspend data flows they deem non-compliant

Each member state of the EU will appoint an SA, which will work with the SAs of other member states. A business will have one “lead” SA, and a European Data Protection Board will coordinate the SAs.

If your business processes or stores data on citizens of the EU and you’re concerned about GDPR compliance, contact us today. While the deadline for compliance (May 25, 2018) may have passed, we continue to help many businesses in a variety of industries with this challenge through our GDPR Compliance Services.

Overview of the phases of our GDPR Compliance Services:

Sera-Brynn GDPR Compliance Services