Organizations that fail to show they are taking steps to comply with the GDPR will face fines and liability for negligence. The GDPR creates two tiers of maximum fines. The higher threshold is four percent of an undertaking’s worldwide annual turnover or 20 million euros, whichever is higher. The lower threshold is two percent of an undertaking’s worldwide annual turnover or 10 million euros, whichever is higher.
Let’s say you are taking steps towards GDPR compliance and a breach occurs. Your organization will be able to avoid these fines if it can prove it has taken steps towards compliance by way of thorough reporting and documentation. If you have taken these steps but cannot prove it, you will be held liable.
Many organizations find it difficult to prove compliance even when they are taking the steps to achieve it. This may be because they have no system in place to keep track of the many moving parts involved in a regulation as large as the GDPR. Or perhaps they are documenting their progress but have no way of consolidating that documentation.
Can your risk software provide a full GDPR compliance readiness checklist? Ideally, your risk management platform should make it easy to build out a regulation report in which each requirement of the GDPR is a line item, to which administrators can answer ‘yes,’ ‘no,’ or ‘N/A.’ This feature not only helps your business keep track of where it is meeting or falling short of compliance, but it also helps you build comprehensive reports to show auditors and regulators.