Increased Financial Exposure under GDPR


Increased Financial Exposure Under GDPR



 You can download a full copy of the slides from this webinar. 




Full transcript available below:

Good afternoon. Thank you for joining the webinar today. We're going to give everyone just a couple more minutes to join and then we'll start the webinar. Good afternoon and thank you for joining today's webinar Prepare your firm for GDPR hosted by me Bethany Sirven of MyComplianceOffice with feature presenter Emily Mahoney.

Next. What you've all probably heard about the increased financial exposure. Now, currently the rules across the EU differ. The DPC in terms of an ability of a data protection authority to impose a fine on an entity for not complying with the data protection directive. The DPC in Ireland for example, cannot directly impose fines. This will change. Under the GDPR as mentioned, there's a two pronged fine schedule up to 10 million or 2% of total worldwide annual turnover for breaches of obligations of the controller are available.

Up to 20 million or 4% of total worldwide annual turnover and again that's 20 million euro and 10 million euro for breaches of obligations including the basic principles for processing such as consent if you're relying on consent to process data. Data subject rights, violations of data turns for obligations under the GDPR.

Obviously, these fines are discretionary. A data protection authority will have discretion when determining the level of fine. It contains the GDPR itself, it contains a list of factors for determining the level for example if you are hopefully not, but if you are repeat offender, you may be faced with the highest fine for example.

Next would be a data subject claim. Now, the GDPR is more plain to friendly as opposed to the directive. There is an explicit right to compensation for damage for an individual for both material and non-material. If I'm a data subject and I feel that my fintech company that I'm using has violated my data subject rights, I can sue you even if I can't show material or financial damage. That's a change. 

Depending upon how much data ... How [inaudible 00:17:45] data subjects will be depending upon your jurisdiction, this is something to pay attention to and then also, the potential for group actions to be brought as facilitated depending upon the jurisdiction you're in and whether those type of actions are available.

Finally, possible joint and several liability. If both the processor and a controller is found to have violated a data, the GDPR, then they may also be liable.



This webinar was co-hosted with Mason Hayes & Curran


Find out how MCO can help

Request a demo today to learn how MyComplianceOffice puts you in command of your compliance program, synchronizing your business needs with regulation. 

Request a Demo



Download our four page Portfolio of Solutions to learn about;

  • Personal Trade Monitoring
  • Gifts & Entertainment
  • Political Contributions
  • Third Party vendor risk management
  • Trade surveillance
  • And more

Brochure Download