Its Over May 25, 2018, a day which the EU General Data Protection Regulation (GDPR)Law takes into full action, everyone is working to ensure data is protected and every organization is working to remain compliant with this new GTPD laws, were users have full access to personal data which is stored by online agencies. Users can now demand a copy of what data is stored and how it is used.
Cryptocurrency organizations are not out of the need to remain compliant with the new GDPR Laws and they are not relaxing over this. Cryptocurrency mining Firms and website collect your data while you log in to your accounts. The Blockchain system has been designed to share public transactions, however, individual Crypto agencies have other personal data which are not shared, in view of this, they must state what data they have and what they do with it. Failure to do so will lead to heavy sanctions of violation of General Data Protection Regulation (GDPR) Law.
The GDPR gives people more control over their personal data, ensuring they are the ones to decide where and how the data is used.
Fines and Penalties GDPR Violation
Fines are administered by individual member state supervisory authorities (83.1). The following 10 criteria are to be used to determine the amount of the fine on a non-compliant firm:
- Nature of infringement: number of people affected, damaged they suffered, duration of infringement, and purpose of processing
- Intention: whether the infringement is intentional or negligent
- Mitigation: actions taken to mitigate damage to data subjects
- Preventative measures: how much technical and organizational preparation the firm had previously implemented to prevent non-compliance
- History: (83.2e) past relevant infringements, which may be interpreted to include infringements under the Data Protection Directive and not just the GDPR, and (83.2i) past administrative corrective actions under the GDPR, from warnings to bans on processing and fines
- Cooperation: how cooperative the firm has been with the supervisory authority to remedy the infringement
- Data type: what types of data the infringement impacts; see special categories of personal data
- Notification: whether the infringement was proactively reported to the supervisory authority by the firm itself or a third party
- Certification: whether the firm had qualified under approved certifications or adhered to approved codes of conduct
- Other: other aggravating or mitigating factors may include financial impact on the firm from the infringement
If a firm infringes on multiple provisions of the GDPR, it shall be fined according to the gravest infringement, as opposed to being separately penalized for each provision. (83.3)
However, the above may not offer much relief considering the amount of fines possible:
Up to €10 million, or 2% of the worldwide annual revenue of the prior financial year, whichever is higher, shall be issued for infringements of:
- Controllers and processors under Articles 8, 11, 25-39, 42, 43
- Certification body under Articles 42, 43
- Monitoring body under Article 41(4)
Up to €20 million, or 4% of the worldwide annual revenue of the prior financial year, whichever is higher, shall be issued for infringements of: