GDPR: Protecting your business from non-compliance

 In Insights, News

Key points:

  • It will take effect in all EU countries by May 25th 2018
  • Fines for being found non-compliant and data misuse could be up to £20 million or 4 percent of global annual turnover, whichever is higher.
  • The GDPR aims to give citizens greater control over how companies use and store their PII (personally identifiable information).



Individual rights to privacy are coming under intense scrutiny from both regulators and the public at large in jurisdictions all around the world. This is unsurprising given the recent data scandals involving the likes of Facebook and Cambridge Analytica. This large-scale misuse of individuals’ private data is a salient reminder of the low level of online privacy we can expect in the modern age. However, governments are now reacting to defend the rights of individuals this area.

In order to bolster individual rights to online privacy, the EU will be implementing its watershed GDPR regulation to provide EU citizens with greater say on what personal data gets stored, and who stores it.

There are heavy sanctions against companies and organisations that do not comply with the GDPR. Companies who collect any personal data from EU citizens will need to comply with the GDPR or face heavy fines, no matter where in the world those companies are based.


Why is it important?

The GDPR aims to redesign privacy laws across Europe so that the legislation is more uniform, precise, and comprehensive. In doing so it hopes to expand the rights of EU citizens to give them greater privacy and access over their personal data. However, this also means that for businesses with European customers, the chances of non-compliance are far higher.

The GDPR also requires personal data to be collected and processed in a legal and unambiguous manner. Personal data should also only be collected to serve a purpose and used in a way that is compatible with that purpose. Organizations will be made to list the reasons why they need a person’s data before collecting it.

EU citizens can also request a copy of all personal data held about them, which must be provided within 30 days. They can request that their data be updated, deleted or moved to another organization without impediment.

The new provisions regarding personal privacy provide a great deal of power to EU citizens but can be harmful for companies who do not go through their user or customer data with a fine-tooth comb.


What penalties are there for non-compliance?

The penalties for non-compliance can be detrimental to companies. The vast number of situations in which non-compliance can occur, as aforementioned, also do not simplify the compliance process for companies.

Starting from the 25th of May, those found to be non-compliant may be subject to large fines and regulatory sanctions and fines equating to up to 4% of a company’s annual global turnover or €20m, whichever is greater. Given the gravity of these sanctions it is best that companies comply directly with the GDPR.


The difficulty of compliance

The process of compliance with the GDPR is both difficult and expensive. According to Ernst & Young, the 500 biggest companies in the world are on track to spend a total of $7.8b complying with the GDPR[1]. Depending on the size and business model of the company, companies may also be required to designate a “data protection” officer responsible for this compliance.

For example, Microsoft currently has 300 engineers working to ensure that the company is GDPR compliant by the 25th May. Generally speaking, the larger the company, and the greater the company’s customer database, the effort is required to maintain compliance, making the compliance process very troublesome for large enterprise firms

Compliance readiness is also low amongst the majority of cyber security and compliance organisations, with 60% of the IT processionals surveyed by Crowd Research noting that they are likely to be underprepared at the 25th May deadline. This means that enterprise firms looking to outsource the compliance process may not be able secure a consultant in time for the deadline.


How Checkbox can help with GDPR compliance

For both small and large enterprises, Checkbox’s drag and drop no-code interface offers an intuitive automated compliance platform that allows companies to build form processes internally, ensuring compliance with the GDPR is strict and inexpensive.

For more information about how Checkbox’s platform can help simplify the GDPR compliance process visit



Recent Posts
  • Ria

    Thank you for this – super interesting. I will book a Demo.

Leave a Comment