The new GDPR regulations place extensive legal responsibilities on company directors for effective data management. Non-compliance carries serious risk: failure to comply can result in a fine (for which there are three levels), the highest level being 4% of annual global turnover or €20 Million (whichever figure is the greater). As another example, a company could be fined 2% for not having their records in order, not notifying the supervising authority (SA) and individual/data subject about a breach, or not conducting a Data Protection Impact Assessment (DPIA).
There are no exemptions from GDPR. Board members will be expected to demonstrate accountability, compliance and transparency across data management activities. These are part of good corporate governance and, if managed effectively, will only strengthen an organisation’s position on corporate reputation, stakeholder relationships, winning new business, maintaining customers and mutually beneficial supplier relationships.
Preparing now to get it right for when GDPR comes into effect in May 2018 will benefit organisations enormously.
For further practical advice and our CEO Whitepaper – An executive summary, sign up to Gravicus Osprey to gain access to data management tools and our Resource Centre.