
What have you got to lose?

Nick Hunt, Technical Manager, Specialist Business Support
2 minute read
Last updated on 23rd May 2018


GDPR gives the ICO and other regulators greater powers to take action quickly and forcefully on non-compliance. Depending on what’s gone wrong, you and your business could face a number of challenges.

GDPR Challenges

The General Data Protection Regulation (GDPR) gives the Information Commissioner’s Office (ICO) greater powers to take action quickly and heavily on non-compliance.

Depending on what’s gone wrong, you and your business could face a number of challenges. The following may help you consider the risks and how to manage them:


The ICO has powers under GDPR to investigate and correct any breaches.

If there’s a breach, depending on its severity, the ICO may ask you to: 

  • Provide some basic information and details of how you’ve corrected the breach
  • Provide information about the circumstances of the breach
  • Provide access to all personal data to evidence your compliance
  • Provide access to premises/equipment
  • Allow more detailed audits in terms of how you use personal data
  • Provide evidence to other law enforcement agencies, depending upon the seriousness of the breach.


Fines and enforcement action will be considered on a case-by-case basis and will be based on a number of factors; these may include the nature of the breach, how many data subjects (individuals) were affected and any historic issues with the controller/processor.

There will be two levels of fines under GDPR, depending on the level of seriousness:

  • Up to €10 million or 2% of the company’s global annual turnover of the previous financial year, whichever is higher.
  • Up to €20 million or 4% of the company’s global annual turnover of the previous financial year, whichever is higher.

Corrective powers:

The ICO has powers to resolve issues of non-compliance: 

  • Insist upon immediate rectification, erasure or restriction of use of personal data
  • Issue warnings and orders to comply, with further sanctions if they are not followed
  • Require you to communicate with all data subjects affected by a breach
  • Limit the processing of data, temporarily or permanently
  • Limit transfer of data outside the EEA
  • Impose fines, depending on the nature of any breach and other contributory factors
  • Removal of authorisation by the FCA.

Plus there’s a risk of: 

  • Claims for personal compensation from data subjects
  • Reputational damage
  • Possible further action from the regulators
  • Operational impact.

The ICO has said firms need to take a ‘risk-based’ approach. You’ll need to be able to demonstrate the steps you’ve taken and show how you have managed the risk.


"Prudential" is a trading name of Prudential Distribution Limited. Prudential Distribution Limited is registered in Scotland. Registered Office at Craigforth, Stirling FK9 4UE. Registered number SC212640. Authorised and regulated by the Financial Conduct Authority. Prudential Distribution Limited is part of the same corporate group as the Prudential Assurance Company. The Prudential Assurance Company and Prudential Distribution Limited are direct/indirect subsidiaries of M&G plc, a company incorporated in the United Kingdom. These companies are not affiliated in any manner with Prudential Financial, Inc, a company whose principal place of business is in the United States of America or Prudential plc, an international group incorporated in the United Kingdom.