Data Protection Fines Violation

What are data protection fines violations? The GDPR states explicitly that some violations are more severe than others, but even the less severe infringements can result in a fine. In this article, we discuss data privacy fines and how they affect organizations.

Data Protection Fines Violation

A data protection fines violation occurs when a company or individual violates the data protection provisions in the Data Protection Act of 1998, which applies to UK citizens.

Up to 20 million euros or, in the case of an enterprise, 2% of the annual worldwide turnover of the preceding financial year, whichever is greater, if the infringement is “not likely to have a significant” impact on individuals.

Up to 10 million euros or, in the case of an enterprise, 2% of the annual worldwide turnover of the preceding financial year, whichever is greater, if the infringement is “likely to have a significant” impact on individuals.

Up to 4% of the annual worldwide turnover of the preceding financial year in the case of an enterprise, whichever is greater, if the infringement is “serious”.

The maximum amount may be up to 10% if the infringement is by a legal person, or up to 20% if committed by an individual.

If the violation is “serious”, a fine of up to 20 million euros or, for an enterprise, 4% of the annual worldwide turnover of the preceding financial year may be imposed.

The maximum fines may be up to 10% for legal persons and up to 20% for individuals if the infringement is “very serious”.

Examples

Organizations have to consider data protection fines violations, as well as the following examples:

In May 2018, Facebook released its first report on government requests for user data and content removal. This report also included information on government requests regarding national security and counterterrorism.

The report revealed that the UK made the most requests for Facebook user data, with 12,598 requests in the first half of 2018. Facebook said it disclosed some data in 79% of cases.

On April 17, 2018, the Information Commissioner’s Office announced that British Airways (BA) would be fined £183.39 million for data breaches that occurred in September and December 2017.

The two breaches affected approximately 500,000 customers and compromised their personal and financial information, including names, addresses, email addresses, and payment card information.

The Information Commissioner’s Office notes that BA handled the breach well after it occurred but did not meet its data protection responsibilities before or after the breach occurred.

GDPR

The General Data Protection Regulation (GDPR) is a regulation that has been adopted by the European Parliament. It replaced the Data Protection Directive and came into force on 25 May 2018.

How does this affect organizations in the UK? The GDPR still applies to organizations outside the EU if they offer goods or services to individuals in the EU.

Conclusion

The GDPR is a regulation that protects the privacy of individuals within the EU. It gives them the right to know what data organizations hold about them.

The GDPR also provides a mandatory data breach notification requirement. If an organization has been compromised, it must disclose the breach to its customers and authorities.
