Under the GDPR, companies can be sanctioned for a breach with
fines of up to 20 million euros or 4% of their annual worldwide
turnover, whichever is higher. Therefore the GDPR is not to be
brushed aside as non-compliance could be extremely costly for
In the Italian case, the companies were making money transfers
to China on behalf of individuals without their knowledge or
agreement to hide the identity of the real transferors, therefore
they did not have the individuals' consent to process their
data in this way. This will become more important under the GDPR as
consent is one of the lawful bases of data processing and companies
must ensure they have valid consent in order to process data in
this way. If they do not have consent, and cannot rely on another
lawful basis of processing, the company will be unable to process
The Garante has shown with this decision that it is already
moving towards a GDPR sanctions regime although not in force until
May 2018. This is good news for the GDPR as an enforcement
mechanism, however not for companies who choose to ignore and
understand the importance of consent under the GDPR!
The material contained in this article is of the nature of
general comment only and does not give advice on any particular
matter. Recipients should not act on the basis of the information
in this e-update without taking appropriate professional advice
upon their own particular circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
In light of the much anticipated ICO draft GDPR (the General Data Protection Regulation) Consent Guidance being published yesterday, 2 March 2017, we will be running a mini-series on the guidelines under consultation and the impact the GDPR will have on the much vexed position of consent and the impact on your business.
The first of our four discussions on the ICO guidelines for Consent will focus on the meaning of consent under the GDPR (General Data Protection Regulation) and how this change enhances the previous law on consent to data processing.
The fourth and final part of our mini-series on the draft ICO guidance on Consent, published on 2 March 2017, focuses on the practical impact the GDPR (General Data Protection Regulation) will have on how your organisation records and manages consent.
A fundamental aspect of all fair and lawful processing of personal data under the current data protection rules is the requirement for the party who is the data controller to meet one or more conditions ("the conditions for processing").
The second in our mini-series on the ICO guidance on Consent, published on 2 March 2017, focuses on how the changes to be introduced by the GDPR (General Data Protection Regulation) will impact upon your business and what you can do to pre-empt the changes before their introduction in May 2018.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).