We do not recommend ignoring the provisions of the GDPR. The regulatory authorities can issue huge fines. There are two tiers of fines. One is reserved for procedural and minor mistakes, with fines ranging up to EUR 10 million or 2 percent of the company’s global turnover, whichever is higher.
The other tier pertains to severe negligence and wilful infringement of personal rights. The maximum fines for this kind of infringements is doubled to EUR 20 million or 4 percent of the company’s global turnover, whichever is higher.
But it’s not that grim. These are maximum fines, and it’s unlikely your company will get fined by that amount. Repeat transgressors will be issued high fines, but first-time offenders will likely get just a warning and a list of issues that they must get in order.
Supervisory authorities, which are responsible for issuing fines, are not policemen, and they will – and must – cooperate with companies to help them resolve any issues they might have. Therefore, despite the media claims of potential huge fines, in most cases it will be business as usual, but with a new, clearer set of requirements.
Find out more about fines here.