The risk is not worth it
Fines are in fact high and, despite their value being dependent on a number of different factors – such as the number of individuals affected, the number of incidents and their level of impact – the reputational damages of a fine, for an event planner, will surely be devastating.
Companies may be fined up to 20 M Euros or up to 4% of their annual revenue (whichever is the highest), depending on the size of the company and the seriousness of the infringement. In addition, they may incur extra fines if they have any individual complaints from those who have seen their data compromised. The managers of the company may also be involved in this type of procedure.
Depending on the type of infraction, companies behavior may even amount to criminal conduct.
This might mean the loss of additional business to competitors who may have been better prepared for the GDPR.
To whom does it apply?
The fines apply to all parties involved, be they data controllers, as is the case of event organizers, as well as subcontracted entities that have contact with the data (subcontractors or data processors), usually technology companies, event management agencies , etc.
Return to our GDPR index: Are your events ready for the GDPR?
Still have questions about this? Talk to us!