Non-compliance: what’s the worst that can happen?

Non-compliance with data protection laws can cause significant issues for an organisation, but what are the key risks?

  • Regulators can take action against an organisation for failure to comply with data protection laws. Depending on the nature of the non-compliance, they can issue a fine of up to €20/£17.5 million or 4% of the business’s global turnover for the previous year, whichever is higher. They can also issue warnings, reprimands or enforcement notices requiring companies to take actions, which can include stopping processing activities. The largest fine issued (so far) for failures to comply with the GDPR was €1.2 billion!
  • A company that fails to comply with data protection laws, particularly those relating to data security, faces an increased risk of a data breach, which can have potentially catastrophic consequences for both the organisation and the individuals. Data breaches have led to issues such as identity theft, fraud and serious distress for the victims.
  • Under GDPR, individuals have the right to sue for damage they suffer as a result of infringements of data protection legislation. In 2021 British Airways settled a claim by over 16,000 individuals whose data was stolen as a result of a cyber-attack.
  • A company that is found not to be complying with data protection laws risks significant reputational damage, with potential for local, national and even international media coverage, which could significantly affect trust in the organisation and its future business prospects.

To avoid sleepless nights, get in touch, and let us help you take control of data protection compliance.

