GDPR Fines and Governance Deficits

Nicholas J Price
5 min read
Across the globe, nearly all of our personal and business functions have been digitized due to the rapid advancements in technology. These devel personal and corporate information.
opments have greatly enhanced the way that we live and work. As digital solutions have come forth that save us time and money, technology has not afforded people and businesses the secure digital solutions to keep pace with the infinite number of electronic apps and systems being designed and made available for personal and business use. The gap between digital product offerings and secure solutions has drastically increased the risk of data breaches of confidential personal and corporate information.

The General Data Protection Regulation (GDPR) was the first attempt at data privacy legislation anywhere in the world. The E.U. government carefully crafted this legislation to lessen the gap between the governance benefits and deficits of the digital age.

Background Information on GDPR

The E.U. government recognized that there was a governance deficit that was created by the advancements in technology. They responded by stepping out of the box with the goal of establishing digital privacy legislation aimed at data protection reform. The ultimate goal of GDPR was to make Europe fit for the digital age. In so doing, GDPR also gives European citizens more control over their data.

The government's intent is to simplify the regulatory environment so that European businesses and citizens can benefit fully and safely from the digital economy. The European Commission put GDPR in force in late 2018. The legislation applies to any company or organization that either operates within Europe and any other organizations outside of Europe that offer goods or services to customers or businesses within the European Union.

The result of this legislation means that every major company in the world should develop a GDPR strategy for compliance.

This carefully planned legislation provides a single set of rules that apply to companies within Europe and those businesses that do business with E.U. member states. The reach of this legislation extends past European borders to include international organizations that have their headquarters outside the European Union, but that do business on European soil.

The E.U. government hopes that having a single supervisory authority for all the E.U. GDPR will make it easier to bring benefits to European businesses, and it will cost less.

What Is the Structure of the GDPR Fines?

It's important to note that GDPR has a specified structure for fines and that not all infringements lead to fines. The expectation is that fines will be issued on a case-by-case basis and be effective, proportionate and dissuasive.

There are two tiers of administrative fines that can be issued as penalties for noncompliance. Companies may be fined up to 'Ǩ10 million, or 2% annual global turnover, whichever is greater. Or, companies may be fined up to 'Ǩ20 million, or 4% annual global turnover, whichever is greater.

Data controllers and processors face administrative fines of up to 'Ǩ10 million, or 2% of annual global turnover, for infringements of articles:

  • 8 (conditions for children's consent)
  • 11 (processing that doesn't require identification)
  • 25'39 (general obligations of processors and controllers)
  • 42 (certification)
  • 43 (certification bodies)

Or, up to 'Ǩ20 million, or 4% of annual global turnover, for infringements of articles:

  • 5 (data processing principles)
  • 6 (lawful bases for processing)
  • 7 (conditions for consent)
  • 9 (processing of special categories of data)
  • 12'22 (data subjects' rights)
  • 44'49 (data transfers to third countries)

The Information Commissioner's Office (ICO) has the authority to take other actions such as issue warning and reprimands; impose a temporary or permanent ban on data processing; order a company to rectify, restrict or erase data; and suspend data transfers to third countries.

What Is a Governance Deficit and What Is Its Relationship to GDPR?

A governance deficit refers to the lack of security, lack of foresight and lack of accountability of general governance principles. New insights from Diligent Institute tell us that governance deficits spanning more than 12 public companies have cost shareholders more than $490 billion in revenue in the year following the financial crisis. Good governance has equipped companies to surpass their peers by 15%, which should get the attention of every company.

Companies need accessible data to alleviate the governance deficit. Currently, most companies store their data in disconnected systems where it doesn't get automatically updated or shared between users and systems.

GDPR is a modern approach to motivating companies to close the gap in the governance deficit. Without the proper digital tools, boards lack access to the right information at the right time to make the right decisions around major issues like activist investors, cyber risk, increased regulations, diversity and global uncertainty.

What Is a Modern Governance Approach to Eliminating the Governance Deficit?

A modern governance approach to eliminating the governance deficit requires companies to make the best possible use of technology to protect companies from risk. Digital tools for communications and file sharing that were designed for public use are woefully inadequate and non-secure for corporate use.

Without a secure board management software system like Diligent Boards and Governance Cloud, board directors are at risk of unintentionally sharing highly sensitive data haphazardly, allowing virtually anyone in the world access to their board materials. Data breaches can lead to lost value for investors, employees and innocent customers. Now, with the implementation of GDPR, the stakes are even higher. Other countries may soon follow suit, using GDPR as model legislation. There was never a better time to work on closing the gap in the governance deficit.

The right systems are available in the form of board management software by Diligent Corporation. There's no more need to take risks with sensitive data or expose your company to GDPR fines. A secure board management software system by Diligent Corporation ensures that board directors have information that is up-to-date and accessible anywhere in the world at any time of day or night. Diligent is the pioneer in modern governance. The company serves the largest global network of corporate directors and executives worldwide. It makes sense to put your trust in an innovative, industry leader that will serve your governance needs now and in the future.