Chambersfield Economides Kranos is a leading provider of GDPR compliance and implementation services. The EU General Data Protection Regulation (hereinafter referred to as the “GDPR”) was ratified on the 14th of April 2016. Its text updated Directive 95/46/EC and can be considered one of the largest changes made in the EU to data protection law. Specifically, the GDPR governs the processing of personal data within the EU and/or in third countries that process the personal data of a European individual, protecting individuals with regard to the processing of their personal data and the movement of such data.
The core purpose of implementing the GDPR was to ensure that every legal entity that processes personal data is held responsible for safeguarding a person's fundamental right to the protection of their personal data. Unlike the directive it replaced, Article 58 of the GDPR provided the right of each EU country to maintain a competent authority with comprehensive powers to monitor compliance, to mandate corrective measures and, when necessary, to impose administrative fines for non-compliance.
According to the wording of the GDPR, EU data protection law introduced, for the first time, a rigorous regulatory framework to ensure that an individual's personal data is preserved while it is processed by legal entities. For this purpose, Article 83 sets out the conditions under which administrative fines can be imposed, depending on the nature and severity of a breach that might occur. It should be noted that serious breaches resulting from a legal entity's non-compliance with the Regulation can be punishable by fines of up to EUR 20 million or 4% of the legal entity's total worldwide revenue for the preceding financial year, whichever is greater.
Indeed, a fine of such degree and extent can cause irreparable damage to a company or even put it out of business. Hence, a legal entity's compliance with the GDPR can be argued to be of paramount importance, and a company should adopt all measures necessary to ensure such compliance. However, almost two years after the implementation of the GDPR, i.e. since the 25th of May 2018, numerous organizations do not seem to have adapted to the core idea of the GDPR or ensured their compliance with it, jeopardizing their reputation and exposing their total revenues to severe fines.
Consequently, on the 13th of January 2020, the Office of the Commissioner of Personal Data Protection of Cyprus, the independent supervisory authority for the protection of the individual in Cyprus, announced the largest corporate fines imposed to date for the non-compliance of Cyprus companies with the GDPR. These fines relate to three affiliated legal entities and exceeded a total of €82.000, resulting from the unlawful use of an automated formula to manage and monitor their employees’ sick leave.
Beyond the fear of the financial penalties mentioned above, it could also be argued that a company's initiative to enforce the GDPR can serve as a strategic and marketing tool for the enhancement of the company itself.
On this point, it should be noted that, according to surveys, GDPR-compliant companies have gained a competitive advantage over those that have not complied with the Regulation. The reasoning behind this is that such companies have built confidence in the organization and developed a “trustworthy” reputation with the public, resulting from the promotion of a culture of respect towards data protection. Thus, companies that have not yet complied with the GDPR are nowadays driven to enforcement in order to be able to compete with their competitors and gain the trust of the larger companies or peers that they co-operate with or intend to co-operate with.
Therefore, the survival of a company in this competitive environment, particularly one that processes personal data, mandates the adoption of appropriate measures to meet the legal obligations to which it is subject under the GDPR. Where companies persist, to this day, in ignoring the Regulation or showing insufficient respect for it, they remain vulnerable to all the consequences that come with doing so.
You may contact our law firm for a detailed discussion on the subject of GDPR and how we can assist you in achieving full compliance.