Being non-compliant with privacy rules can be punishable by fines, decided by authorities or courts. In case of strong violations, some laws can lead to jail sentences.
The maximum fines under the Data Protection Act in the UK range from GBP5000 to GBP500 000. As can be seen from the significant number of security breaches involving personal data, many organisations have not taken data security seriously. In Germany, administrative offences can be punishable by a fine of up to € 25,000, e.g. in case of failing to appoint a data protection official. Companies can also be fined up to € 250,000 in other cases e.g. if a firm collects or processes personal data that is not generally accessible without authorisation.
Most companies consider bad publicity as a higher risk than getting fined. Data authorities and the media are publishing more information about violations and due to recent scandals, customers and citizens are becoming more and more informed and sensitive to this subject. In Germany, companies like Lidl, Deutsche Telekom and Schlecker have recently been involved in data protection scandals.
Depending on the country the authorities are empowered to intervene and freeze illegal processes.
Data Authorities are entitled to check if you really fulfill your legal obligations under the Safe Harbor program. We advise you to conduct such application through our dedicated Services.