Under the GDPR, organizations in breach can be fined up to 4% of annual global turnover or €20 million (whichever is greater).
This is the maximum fine that can be imposed for the most serious infringements, e.g. not having sufficient customer consent to process data or violating the core of Privacy by Design concepts.
There is a tiered approach to fines, e.g. a company can be fined 2% for not having their records in order (article 28), not notifying the supervising authority and data subject about a breach, or not conducting an impact assessment.
It is important to note that these rules apply to both controllers and processors — meaning ‘clouds’ will not be exempt from GDPR enforcement.
Processing personal data is generally prohibited unless it is expressly allowed by law or the affected persons have consented to the processing of their data. The consent of those whose personal data is collected, processed and/or used puts those persons in a position to dispose of their personal rights.
The basic requirements for the effectiveness of valid legal consent are outlined in Art. 7 of the GDPR and specified further in recital 32. Consent should be granted for a concrete case, after adequate information has been provided to the person concerned, and should be clearly communicated. The person concerned must have a real choice for the consent to be voluntary.
For more advice on how to be sure you are in compliance with the new law, visit GDPR Personvern.