Non-compliance with data protection rules is punishable by fines, imposed by a supervisory authority or a court. For serious violations, some laws also provide for prison sentences.
In the UK, fines under the Data Protection Act range from GBP 5,000 to GBP 500,000, depending on the court or regulator imposing them. As the large number of security breaches involving personal data shows, many organisations have still not taken data security seriously. In Germany, under the Federal Data Protection Act (BDSG), administrative offences such as failing to appoint a data protection officer can be punished with a fine of up to EUR 25,000. Fines of up to EUR 250,000 apply in other cases, for example where a company collects or processes, without authorisation, personal data that is not generally accessible.
Most companies regard bad publicity as a greater risk than the fine itself. Data protection authorities and the media publish more and more information about violations, and after recent scandals customers and citizens have become increasingly informed about, and sensitive to, the handling of their data. In Germany, companies such as Lidl, Deutsche Telekom and Schlecker have recently been involved in data protection scandals.
Depending on the country, the authorities are also empowered to intervene directly and order unlawful processing to be stopped.
Data protection authorities are entitled to verify that you actually fulfil your legal obligations under the Privacy Shield Framework. We advise you to submit your annual self-certification through our dedicated Services.