Due to the dawn of privacy regulations around the world there was a feared perception about fines because it is true that many privacy regulations introduced huge fines for non compliance. Like other privacy regulations, GDPR aka the General Data Privacy Regulation also imposed the heavy fines. According to GDPR's article number 84, company can be fined up to 2% to 4 % their annual revenue or company can be fined up to 10 million euros.
Fine tracking can be found here  .
Why Do Companies Fear Privacy Regulations ??
Due to wide adoption of the emerging technologies like Artificial Intelligence, Big Data, Data mining and Blockchain by companies across the globe, a huge amount of data is being processed by these organizations. which causes the privacy regulations to spotlight these organizations. Data is the fuel and with the help of these emerging technologies companies now yield huge benefits and insights by processing their customers personal information.
Privacy regulations and emerging technologies should go hand in hand but unfortunately that is not the case. It seems that privacy regulation's main mission is to protect the personal information of their citizen but not to support future technologies. On the other hand, future technologies main focus should be to give their creators benefits so they can take better decisions for their business by processing their data.
"So what will be the solution?" The good thing about GDPR is that GDPR introduced article number 35 the DPIA (Data privacy Impact Analysis).
"What is the DPIA how it can help companies avoid fines?" DPIA is the type of risk assignment which help companies to reduce and minimize the privacy risk to customers personal information.
GDPR does gives the insight how to conduct the DPIA but good thing is that ICO France give us the step by step guide of how to conduct DPIA.
There are the following steps according to the ICO:
- Identify the Scope and Need for the DPIA
- Identify the PI (what kind of customer personal information company have)
- Identify and Analyze the risk towards PI
- Identifies the Measures and formulate the Treatment strategy
- Review and Continue the DPIA cycle
- Document the DPIA
"So who will conduct the DPIA?" Companies have full control over who will conduct the DPIA, but GDPR introduced the the job description called DPO (Data protection officer) which handles the activities of DPIA and other privacy regulations related activities as well.
In the Conclusion, these privacy regulations including GDPR as well, are here to protect the personal information of their citizens. And by imposing fines and strict check and balance, it makes sure the applicability. So fines and penalties are only for the financial loss or gain but the ensuring the protection of data.