UK information commissioner Christopher Graham says the European General Data Protection Regulation (GDPR) must be adhered to by business.
Graham told the IAPP Europe Data Protection Intensive 2016 conference in London that punishments of €20m, or 4% of global turnover, show how serious the GDPR is about enforcement.
He added that such figures should interest organisation boards as they are bound to be of interest to shareholders and that the GDPR enables organisations to grasp digital benefits without infringing individual privacy.
However, it is intent on forcing organisations to play fair, and big companies will no longer be able to dismiss fines up to £500,000 from the Information Commissioner's Office (ICO).
He went on to say that increasing alertness in organisations is vital and must be taken seriously by all organisations, with privacy professionals ensuring they avoid the dangers of the digital age.
Graham continued that, due to this, the ICO is focussed on advising, guiding and enforcing proper management of risks to individual privacy.
He said that organisations will be in difficulty if they do not govern themselves correctly through the rules and that they must pursue digital opportunities carefully.
Graham stated that organisations should ensure respect for individuals’ autonomy and consumers’ rights before deciding what action to take.
However, he was not discouraging organisations from being ambitious; rather, his message was to adhere to the guidelines and make the ICO your ally.
He also said that the ICO makes things easier for companies to observe the GDPR, which comes into effect two years from now.
A 12-step guide has also been published for organisations to follow, along with a toolkit for small to medium-sized enterprises to ensure GDPR compliance.
Graham finished by saying that the ICO is in a position to provide guidance and will liaise with European data protection authorities to aid the GDPR’s application.