Why is the GDPR important?
Compliance with data protection law has always been important. In the UK, some serious breaches of data protection law by individuals have always been capable of leading to criminal convictions. Moreover, organisations could be fined up to £500,000 for breaches of data protection law.
The GDPR will raise the maximum fine for an organisation for a serious breach of data protection law to the greater of 4% of global annual turnover and €20 million (approximately £17 million). The financial consequences of non-compliance, in addition to potential brand damage, can therefore be drastic under the GDPR.
In addition to the increase in maximum fines, the GDPR introduces many new compliance obligations. Therefore, even if your organisation complies with existing data protection laws, it is almost certainly going to have to make several changes to its policies, procedures and documentation to comply with the GDPR.
The GDPR will affect every organisation which processes personal data. Processing can be as simple as storing or keeping records of personal data. As just about every organisation holds some sort of personal data (whether it is employee records, marketing data or customer contact details), it is virtually impossible to think of an organisation which will not, in some way, be impacted by the GDPR.