Email: info@gdprsolutions.co.uk Telephone: (0)203 576 4313

GDPR Solutions

The upper limits of GDPR penalties are:


  • Up to £8.7 million or 2% of annual global turnover (whichever is higher) for less serious infringements; and
  • Up to £17.5 million or 4% of annual global turnover for severe infringements.


In addition to these fines, companies may also face regulatory sanctions that bar them from certain processing activities, effectively stopping business processes.


Compliance with any regulation brings operational advantages, and the GDPR is no different. Applied correctly, the GDPR gives a compliant business greater operational efficiency, an improved data security environment, reduced data storage and maintenance costs, enhanced risk management practices, and improved trust and credibility in its market. GDPR compliance is also considered a cornerstone of customer service, as it empowers your customers to exercise their data rights whilst building their trust.


The GDPR applies to:


  • A company or entity which processes personal data as part of the activities of one of its branches established in the EU/UK, regardless of where the data is processed; or
  • A company established outside the EU/UK that is offering goods/services (paid or for free) or is monitoring the behaviour of individuals in the EU/UK.


If your company is a small or medium-sized enterprise ('SME') that processes personal data as described above, you have to comply with the GDPR. However, if processing personal data isn’t a core part of your business and your activity doesn't create risks for individuals, then some obligations of the GDPR will not apply to you. Get in touch and we can help you navigate how the GDPR should specifically be applied to your business.


A DPO is mandatory if your company is a public body, your core activities involve large-scale regular and systematic monitoring of individuals, or if your business processes special category data. If your organisation falls into any of these categories, you’re legally required to appoint a Data Protection Officer.  However, many organisations employ the services of a DPO even if they are not legally required, in order to ensure they are meeting compliance standards.  At GDPR Solutions we will always be transparent with you and not oversell you on services you don't reasonably require.


The GDPR sets out seven key principles:


  • Lawfulness, fairness and transparency - you must have valid grounds for processing data, and the processing must be fair and never misleading to data subjects.
  • Purpose limitation - you must only process data for specified purposes and not alter that purpose without notifying a data subject first.
  • Data minimisation - only data that is absolutely necessary for your specified purpose should be collected.
  • Accuracy - businesses must maintain data accurately and correctly and, where possible, allow data subjects the opportunity to update their data as necessary.
  • Storage limitation - personal data should only be kept for as long as it is needed and stored securely with limited access.
  • Integrity and confidentiality (security) - businesses must ensure they have appropriate security measures in place to protect the personal data they hold. 
  • Accountability - businesses must take responsibility for what they do with personal data and how they comply with the other privacy principles. 


These principles should lie at the heart of your approach to processing personal data.


Yes, we take confidentiality very seriously and will always keep any information shared confidential.  We will never reveal the identity of our clients unless we have their express consent to do so.



Copyright © 2023 GDPR Solutions - All Rights Reserved.
