The Real Risk Under GDPR

Post by Admin, May 02, 2018.

Below is a blog post by our expert Consultant, Nicola Walker, recently posted to Walker Thomas Solicitors, in regards to GDPR and the real risks businesses face.

With the introduction of GDPR less than one month away the real risks of any breach are being drawn to our attention every day.

You cannot avoid reading a news article (or a Walker Thomas LLP social media post) discussing GDPR. 

The new usage terms are being issued by the big brand leaders such as Facebook, Google, Gmail and WhatsApp. 

The cynic in me feels that global leaders such as Facebook releasing statements demonstrating due care towards their younger users by seeking parental permissions for the youngsters to fully utilise the site is probably a tactic to detract from the disgraced data breach of the 50 million users a few weeks ago. 

Do big brands really care about our data? Possibly, however current reports suggest that the data policies being issued to EU member states are not being extended to the rest of the world… I trust this has been an oversight and will be rectified soon.

The Information Commissioner’s Office (ICO) only issued 16 fines during the year 2016/2017. Most of the data protection articles we read highlight that the most significant change under GDPR is the increase in fines. Fines are set to increase to a maximum of 4% of global turnover. Given that Facebook’s annual revenue for the 12 months leading up to 31 December 2017 was just around 40 billion, any breach resulting in a fine under the GDPR similar to the recent breach could lead to a 1.5 million fine.

Perhaps one of the least talked about changes, which I would suggest is the most significant to business owners, is the self-reporting obligation for private businesses being introduced under the GDPR. Under current legislation, private sector businesses do not have to report breaches to the ICO. Facebook, as a private sector organisation, had no obligation to report recent data breaches.

The reasoning behind self-reporting is to place you on the ICO’s radar. I suspect that fines will be used as a last resort for repeat offenders or reserved for breaches whereby there has been a large volume of data compromised. The scaremongering over fines is evident but actually not a serious consideration if you have undertaken a data protection audit, have your policies in place and have trained your staff accordingly. Understanding your obligations and taking them seriously will prevent breaches, thus minimising the need to self-report and eliminating any large fine.

The real risk of GDPR non-compliance, or a breach, is the damage to your brand. You may be able to afford to pay a fine, but can you afford the damage to your reputation when your business is being ‘named and shamed’? I certainly don’t want to be the business that has to write to clients advising them that I’ve allowed their data to be compromised.

The BBC reported earlier this week: “Facebook's quarterly sales rose by nearly 50% in the social media giant's first results since a privacy scandal over users' data emerged”. Facebook makes money by selling advertising, not actually from its users, and I suspect that is the reason it can sustain a hit to its reputation. Most small businesses would not be able to sustain new work or loyalty from our customers if we were seen as a business that cannot be trusted to keep our customers’ data secure; we would lose existing customers and struggle to attract new customers in this digital age.

So my lasting thought is not to get distracted by the GDPR fines: take your responsibilities as data controller seriously, unless of course your business can sustain reputation damage and no customer base...

Our service provides you with powerful policies and procedures, accelerating your business to compliance.
For advice, guidance & delivery across your business, call Walker Thomas Solicitors on 0207 842 1868, email us at info@walkerthomas.co.uk or make an online enquiry.

Join the rest of our clients and get compliant.