The imminent arrival of the #GDPR, as many have already noted, has resulted in a huge amount of speculation, prediction and scaremongering. Stories of massive fines, a torrent of crippling class action lawsuits, 75000 DPO jobs and the emergence of a new volcano in the fields outside Wilmslow* have all captured our attention. Nevertheless, just when I thought I had heard everything, Lawrence Serewicz proved me wrong.
Mr Serewicz issued, with the certainty of an Old Testament prophet, this astounding claim:
“Quick #gdpr prediction. By May 2019 the ICO will have issued more, in terms of number of and amount of, “fines” than in the previous years of the MPN era *combined*.”
This might be the wildest prediction anyone has made since the GDPR first dropped from the sky (sidenote: feel free to link me to dafter ones). By my quick and dirty calculation, this would mean GDPR fines in excess of £9million and more than 100 fines between May 2018 and May 2019. This isn’t going to happen. Even in a parallel universe where we had a Commissioner who liked taking action, they couldn’t fire out 100 fines in one year. It is inconceivable.
It is probably fair to say that Mr Serewicz and I do not have a relationship marked by mutual respect or affection, but for once, he has inspired me. The idea of predicting what the first year of GDPR will involve is a brilliant one, and I have decided to have a go.
Below are 12 predictions about the first 12 months of GDPR in the UK. For every one that I get wrong, I will donate £20 to the charity Mind. And here’s where you can join in. Look down the list, and see if you disagree. If you spot a prediction that you think will not come true, let me know – in the comments here, on Twitter, via LinkedIn, or via email. If you are right and I am wrong, I will publicly admit that this was the case on this blog. I will celebrate your perspicacity. But if I am right, and you are wrong, you will donate £20 to a charity of your choosing. You don’t have to do anything else and I will not make fun of you. Nobody makes any money except good causes, but imagine me having to grovel and highlight your superior knowledge in print. If three people say I’m going to get one wrong and I don’t, each one makes their donation, but however many people bet against me, if I am wrong, I just pay one £20 per prediction. I will still praise those who get it right.
I will not be a smart-arse about general comments and reactions on social networking sites – if you want to join in, contact me directly and say you want to take up the charity challenge on one of these predictions.
The total amount of GDPR fines (not including PECR and legacy DPA fines) between May 2018 and May 2019 will be less than the total of all DP CMPs up to today’s date.
Yes, this is half of Mr Serewicz’s prediction. Guess what prediction 2 is?
The total amount of GDPR fines (not including PECR and legacy DPA fines) issued between May 2018 and May 2019 will be less than the total number of all DP CMPs up to today’s date.
There will be less GDPR fines (not including PECR and legacy DPA fines) between May 2018 and May 2019 than between May 2017 and May 2018.
That’s right – I predict the number of fines will decrease in GDPR’s first year of operation.
There will not be a €20 million or UK equivalent fine before the end of May 2019.
I intend no weasel get-outs here – we all know what I mean here. There will not be a maximum possible fine in any circumstances.
There will not be a 4% of annual turnover before the end of May 2019.
Thinking about the lower level of penalty i.e. under Art 83(4), there will not be a €10 million or UK equivalent fine before the end of May 2019.
Thinking about the lower level of penalty i.e. under Art 83(4), there will not be a 2% of annual turnover or UK equivalent fine before the end of May 2019.
No UK public authority will be fined more than £1 million before the end of May 2019.
No UK company will be fined more than £2 million before the end of May 2019.
I want to be wrong on this one as there will be deserving breaches. I don’t think I will be.
No charity will be fined more than £50,000 before the end of May 2019, unless for a security breach.
No GDPR class action case will have been concluded with a total damages payout of more than £1million before the end of May 2019.
Five of the companies registered on Companies House today with ‘GDPR’ in their name, or a company name whose initials spell ‘G D P R’ will no longer be offering Data Protection services in May 2019.
These ones just for fun as they cannot be measured
AND FINALLY: do you have a prediction in the style of those above? If you do, let me know what it is. If I get at least five predictions (and a maximum of 10, I’m not made of money), next month, I will write another blog made of reader suggestions. If this comes off, I will say whether I agree with them or not, and if I disagree with them, it’s another £20 to Mind from me for every one that I get wrong. But contributors must promise that if they get it wrong, they will pay the £20.
This will go wrong in one of two ways. It will capture people’s imagination, and I have given myself a shedload of admin. Or nobody will care, and nobody will join in. But we’ve all read a pile of predictions since all this GDPR nonsense started. Let’s have a bit of fun, and raise a little bit of money for charities at the same time.
* In 2017, anything is possible.