APR 2018
Non-Compliance with GDPR Can Lead to Penalties Amounting to Millions

Non-Compliance with GDPR Can Lead to Penalties Amounting to Millions


The clock is ticking and the arrival of the new GDPR will imply major changes, especially for those companies that haven't got ready for it. A few days ago Joaquín Muñoz, Head of IT&IP at ONTIER Spain, was interviewed by digital newspaper Kippel 01 to talk about the most significant changes to be brought by this normative and the consequences of its implementation.

First of all it should be noted that the purpose of this regulation is protecting Internet from bad practices with their personal information carried out by third parties, which applies to all companies regardless of their size. 'Many SMEs think there's nothing to do until the GDPR enters into force in May 25. But that's completely wrong', notes Joaquín Muñoz.

Furthermore, companies don't just need to comply with the new Regulation: they also need to prove that they're complying with it on the long run. We're talking about regulations with proactive responsibility, whereas previous regulations were characterised by their reactive approach.

One of the most obvious consequences of implementing the GDPR has to do with the company's resources. Muñoz notes that 'Spain is usually taken as a reference, especially because of the demanding nature of the Spanish Data Protection Agency (AEPD) in the last few years', therefore Spanish companies have nothing to worry about in this regard.

The new GDPR can also bring dilemmas for companies, as explained by Muñoz: 'companies are facing a dilemma: on the one hand, they need to be transparent and get individual consent, but on the other hand, their databases are probably going to get filtered and lose potential in doing so.'

Non-compliance with the regulations won't be an option for companies, as penalties can go up to 4% of their annual turnover, which could mean over 20 million euros. Muñoz explains that 'severe penalties apply to very serious cases: what is trying to be avoided here is for companies to consider facing the sanction if it's worth it.'

The new GDPR is about to come true, and the clock is ticking for companies that haven't taken the required measures yet.

Here you can read the full article (SP only).