Much has been made in the media about the fines imposed by the Information Commissioner's Office (ICO) on businesses and organisations that have had a data breach. Whilst financial penalties are punitive, a breach under GDPR can have other unexpected and unwelcome consequences.
The Consequences of a Data Breach
- Fines - The ICO can impose a fine of as much as 20,000,000 euros or 4% of global profits. The ICO states that a financial penalty is intended to be “effective, proportionate and dissuasive”.
- Sanctions - The ICO also has the power to impose other sanctions, such as preventing the organisation from processing data (known as “stop now” orders), which will effectively bring a business to a standstill.
- Reputational Damage - When the ICO investigates a breach, details are published on the ICO’s website. This can be picked up by the media and published widely. A potential business partner can also check if there have been any data protection issues with your organisation.
- Compensation Claims - An individual, even if they are not distressed or inconvenienced by the data breach, can claim compensation. Law firms have been set up with the sole purpose of pursuing a business on behalf of an individual who has suffered a data loss. If multiple individuals have been affected, the total compensation could be substantial. If the individual has suffered loss or distress as a result of the breach, the level of compensation or damages paid are likely to
- Financial – increasingly, banks and other financial institutions will not lend to a business without first checking that it is GDPR compliant as part of their due diligence process. This could affect a business’ borrowing capabilities.
- Tendering – when tendering, many organisations now ask for GDPR documentation before a tender will be accepted.
- Sale/Merger of Business – with there being greater risks for a business which is not GDPR compliant, a prospective purchaser or merger partner is likely to ask for GDPR documentation and may decide not to proceed if the level of GDPR compliance is inadequate.
- Loss of Business Opportunities – business contracts often require a business to be GDPR compliant, and some organisations will not do business with an organisation that is not compliant.
We work with organisations and businesses in a variety of sectors including medical, retirement and third sector. We understand the importance of using data. With our unique legal, practical and marketing approach we can assist businesses and organisations to become GDPR compliant and minimise the risk of a data breach.
How can Affinity Resolutions Help?
We understand that an organisation may need to use an outside business. With our unique legal, practical and marketing approach we will create for you a bespoke agreement which both meets the GDPR and allows you to carry on your business as you wish.