Group Fines Under the GDPR

“Up to 4 % of an undertaking’s global worldwide annual turnover for the preceding fiscal year”

This is arguably the single most powerful (and certainly the most frightening) statement from the GDPR. The heavy consequences of noncompliance with the recently enacted regulation were most likely the catalyst that propelled many organizations’ readiness reviews for GDPR. At a high level, one may assume that risk exposure can be computed simply by multiplying (.04 x Gross Annual Revenue).

But it is not always that easy! This formula applies to organizations that are part of a single “undertaking” as defined by the regulation. For organizations that are not considered a single undertaking, the total exposure may be more difficult to calculate since the annual revenue totals may be part of a larger group of enterprises. This aspect of GDPR raises a number of critical questions, including the following:

  • What is an “undertaking”?
  • How do I know whether I am a single undertaking?
  • If I am not a single undertaking, how do I compute my potential risk of noncompliance?
  • Is a fine inevitable, or could I receive a lesser penalty?

Read the full article on www.threatstack.com

About the Author

Kevin Kish

Kevin Kish is a Privacy Technical Lead with Schellman & Company, LLC. Prior to joining Schellman, Kevin worked as an IT Compliance Manager, specializing in IT Security and Data Privacy compliance frameworks, including ISO 27001, HITRUST, Privacy Shield and the General Data Protection Regulation. As a Senior Associate with Schellman, Kevin is focused primarily on data protection laws for organizations across various industries.
