GDPR real risk > GDPR potential risk

May 24, 2018

In all of the discussions about GDPR, many people seem to have become overly focused on the new financial penalties for non-compliance. It’s certainly a weighty amount – any organisation failing to achieve compliance with GDPR could face penalties of up to €20m or 4% of annual turnover, whichever is greater.

But how realistic is that, especially for mid-sized firms? I would say it is highly unlikely that any organisation will be hit with such a fine in the first few months at least of the GDPR era. But that’s not to say that there aren’t huge risks out there for non-compliance. What are the real risks of GDPR and how do organisations go about measuring them?