Legal Fines for Online Businesses of up to EUR 20 Million under the new Data Protection rules



Having a Privacy Policy on your website is an absolute must. This is not something website owners have made up or something that legal professionals have decided to charge for.

Until now, in the European Union, the requirement for having a Privacy Policy had stemmed from the EU Data Protection Directive (95/46/EC). The rule was, however, designed in 1995 – more than 21 years ago. At that time, the Internet was a fairly new innovation for a lot of people. Websites were just emerging. Social media platforms and mobile apps did not even exist. Until now, it can therefore be said that rules were relatively vague.

This year, a new set of rules was adopted by the EU. Regulation (EU) 2016/679 (the General Data Protection Regulation, or “GDPR”) will replace the abovementioned Directive. The Regulation now takes into account all specifics of the new digitalized world, which will carry data protection law forward. This, however, means changes to compliance obligations and stricter rules for Website, Mobile App and Software owners.

Who do the new rules apply to?

The new Regulation, imposing Privacy (Policy) obligations, will apply to and impact almost every organization or company based in the EU. Apart from that, companies that either offer goods or services to EU residents or monitor the behaviour of EU residents, and are thus doing business within the EU, will be subject to the rules of the GDPR.

What are the penalties?

Under the new Regulation, failure to comply with its rules can lead to ground-breaking legal fines. The greater of €20 million or 4% of the company’s worldwide turnover can be imposed on those who do not have comprehensive rules and do not abide by them. Those legal fines will now be fully able to destroy a large business, let alone small or medium-sized enterprises (SMEs).

Increased amount of obligations?

Indeed. Business owners will have the bar for compliance raised considerably. New requirements will need to be fulfilled in Privacy Policies; stricter limits on the collection and use of personal data will be imposed; individuals will have greater right of action in order to enforce their rights against Website, Mobile App and Software owners.

Satisfying these new requirements will be a serious test for many of the latter.

You need to prepare!
The Regulation was already adopted in May 2016. This means that it is about time for you to prepare to be compliant with the new rules.

Novelties in the GDPR include, among others, territorial application, consent, rights of data subjects, 72-hour breach notice, increased compliance obligations for controllers, and appointing a DPO. These new requirements shall all be reflected in the crucial update of each Privacy Policy of a Website, Mobile App or Software.

Early planning is essential.

Enforcement of the new rules starts in 2018. And although that seems like ages from now, it should be noted that all business owners need to bring their operations into compliance with the Regulation BEFORE 2018. As the GDPR radically changes most of the aspects concerning the collection and processing of personal data, the scale of this task and especially the seemingly excessive amount of legal fines (which it actually is not!) should not be underestimated.

This includes a complete review, revision and re-drafting of existing and future Privacy Policies, as well as Terms and Conditions, Cookie Policies, etc.


Lege Nova’s team has now attended a number of seminars, trainings and conferences in order to expand the knowledge around the upcoming GDPR developments to the fullest extent possible.

Our practice is ideally positioned to guide Website, Mobile App and Software owners through the process of understanding and complying with the Regulation rules relating to online business. Combined with our lasting, deep experience in the sector of Data Protection, Lege Nova is now fully prepared to advise companies on their new data protection compliance obligations under the new General Data Protection Regulation.
