Information security management in EU countries is set to change once the General Data Protection Regulation comes into force in May 2018. Under the EU GDPR, any organisation that has access to the personal data of citizens of EU countries is bound to follow these regulations. It does not matter whether the organisation is located in an EU country or not: its access to EU citizens' data alone makes it subject to this new set of regulations established by the EU GDPR.
The EU GDPR sets out certain requirements that must be followed. An organisation that fails to meet those requirements will be penalised with a heavy fine, depending on the offence.
Read on for details of the offences and the fines that will be imposed on organisations that fail to meet the requirements of the EU GDPR.
A company may be charged with a fine of 10 million Euros or 2% of their annual global revenues if:
GDPR may penalise a company with a fine of 20 million Euros or 4% of their annual global revenues in the cases of:
Note that an organisation will be fined the higher of the two amounts. For example, if its offence falls in the first category (as mentioned above), it will be charged either 10 million euros or 2% of its annual global revenues, whichever amount is higher.
The EU GDPR requires every organisation that accesses EU citizens' data to adhere to all of its requirements and regulations in order to protect consumers' rights. Therefore, any company, whether present in EU countries or not, that has direct or indirect access to the personal data of EU citizens must follow these regulations.