These days, we store a huge amount of personal information online. From our online banking and cards to the bills and goods we purchase, there’s a trail of personal data accompanying most people on the internet. This has had plenty of ramifications for businesses too. Below we explore what GDPR is, and why it’s important.
What is GDPR?
GDPR refers to the General Data Protection Regulation; it came into EU law in 2018 – and it has been retained in UK law since Brexit. The regulation protects the personal data of citizens more stringently – this is any online information related to a person: such as a name, photo, bank details, passwords etc.
The regulation lends citizens a number of rights. Amongst the most important rights, you’ll find: the right to access you information; the right for your information to be deleted; the right to be notified of a data breach; the right to object to giving up your personal data; and the right to provide consent to opt in, and allow your data to be recorded.
Why is it important?
The consequences for companies that infringe upon these rights can be severe and can mainly be split into the three categories below.
Subject to a fine
Companies can be subject to a fine if they’re not compliant with GDPR. It can be a heavy fine too – up to £17.5m or four per cent of a company’s annual turnover. The severity of the fine is based on a number of factors surrounding the data breach. This usually refers to the duration of the breach, past behaviour of the company, the type of breach and whether it was intentional.
Sometimes the damage to a company’s reputation can be worse than a fine. If consumers realise that a company misuses their personal information, then they’re most likely going to have concerns about using that company. Businesses with a relaxed approach to data protection will quickly gain a poor reputation.
Will have to pay compensation for damages
On top of a fine, individuals can also seek compensation from companies. Data protection breach compensation can be incredibly costly to businesses when multiple individuals are suing for damages. For the most serious breaches, there can be a high volume of claims, which – when combined with a fine and reputational damages – can put a company under serious pressure.
GDPR compliance is therefore vital to businesses. For a start, it’s the ethical thing to do – if you exploit personal information, you deserve a punishment. But beyond this there are strong financial and reputational penalties. Amazon were handed a record fine in 2021, sending out a strict warning to businesses.