“Up to 4 % of an undertaking’s global worldwide annual turnover for the preceding fiscal year”
This is arguably the single most powerful (and certainly the most frightening) statement in the GDPR. The heavy consequences of noncompliance with the recently enacted regulation were most likely the catalyst that propelled many organizations’ GDPR readiness reviews. At a high level, one might assume that you can compute your risk exposure simply by multiplying (.04 x Gross Annual Revenue).
But it is not always that easy! This formula applies to organizations that are a single “undertaking” as defined by the regulation. For organizations that are not considered a single undertaking, the total exposure may be more difficult to calculate, since the annual revenue totals may be those of a larger group of enterprises. This aspect of the GDPR raises a number of critical questions, including the following:
- What is an “undertaking”?
- How do I know whether I am a single undertaking?
- If I am not a single undertaking, how do I compute my potential risk of noncompliance?
- Is a fine inevitable, or could I receive a lesser penalty?
Read the full article on www.threatstack.com