Non-compliance with GDPR: what are the risks?

Captivea LLC, Sébastien RISS

Everyone is talking about GDPR, but very few businesses have actually begun taking steps to be compliant before it enters into force on May 25th, 2018. Some have even specifically decided not to comply with the requirements of this new law! Quite rightly, many managers doubt the relevance of the regulation and are convinced that it will be a flop. They therefore prefer to wait and see how things turn out before addressing matters. But, specifically, what is at risk if you do not comply with the GDPR?

GDPR means that sanctions are possible for ALL businesses, including SMEs and micro businesses

Generally speaking, the smallest businesses are those that are most at risk of breaching the GDPR because they don't think it really affects them. However, like other businesses, SMEs and micro-businesses have data (which may be more or less sensitive) that relates to identified or identifiable natural persons, even if that only means their employees! In fact, the GDPR applies to businesses of all sizes, whether or not they are based in Europe, as soon as they hold and process personal data relating to a European citizen.

Everyone, therefore, faces a realistic risk of being sanctioned: if one of your customers, prospects or competitors complains to the regulatory body (such as CNIL), the regulator is obliged to take action. It will happen sooner than you think! Moreover, the punishments for illegal data processing will be extremely severe: the Regulation foresees fines as high as 4% of annual revenue.

As such, even if there is relatively little risk of enforcement action in the first year, it's advisable to achieve compliance as soon as possible! Because, aside from the financial implications, non-compliance can still hurt you.

Non-compliance means damaging your image

The repercussions of public sanctions could have an extremely negative impact on the trust of your customers and prospects and even your staff. However, even if there is no punishment, the simple fact of failing to comply with the GDPR means adopting a position that could hurt your image. Indeed, your customers, partners, and prospects are highly likely to ask you whether you comply with the GDPR before working with you. And, even if you fudge your response to the topic, a few simple searches will help them see through you very quickly! You will, therefore, give them the impression that you resist change or that you are pushing back on the regulations for obscure reasons of your own. In short, not complying with the GDPR will not help your business!

Similarly, if you are a supplier or a subcontractor and you are asked to sign "personal data" and "liability" clauses in your contracts, you'll be caught short! There's no doubt that your business will suffer as a result. That's a pity because by complying with personal data regulations, you could actually be identifying new opportunities.

The GDPR can be a source of additional business

Those who fail to comply with the regulations imposed by the GDPR will be operating illegally but, in addition, they will be missing out on a wonderful opportunity to communicate with their customers. Indeed, if you're going to make the necessary efforts to comply with the regulations, people might as well know about it!

And rightly so, because although it is often seen as a limiting factor, GDPR can become a genuine competitive advantage! How? Quite simply by highlighting in your communication the steps you have taken to comply. It is a good way to gain the upper hand over competitors who have not yet taken these steps or who haven't considered communicating about it!

In conclusion, the risks of non-compliance with GDPR are real. SMEs, micro businesses, and major corporations must all communicate about the steps they are taking now to ensure compliance with the new law and avoid painful consequences.