The regulation created quite a stir in May 2018 when it was enacted, and has recently created even more of a stir because the first fines for non-compliance have been levied. While the EU granted a short amnesty period to allow organizations to comply with the regulation, the fines definitely send a clear signal that the amnesty period is indeed over.
Companies are responsible for implementing GDPR-compliant data policies; complacency about the regulation will surely not win the day. No excuses — comply or be fined; the EU has definitely made good on its promise to staunchly defend citizen rights to privacy.
Thus far, there have been three notable penalties. One of the most visible is, of course, Google, which received a €50 million fine in France, courtesy of French data regulator CNIL (Commission Nationale de L’informatique). Google’s fault according to CNIL is the lack of transparency and unclear consent regarding advertisements.
In particular, Google did not have one clear source of information regarding how data is collected. Instead, the information was interspersed into various documents and websites, creating a nearly impossible task for the end user to be aware of how their personal data is actually being used.
The bottom line is that users must be able to make an informed choice about whether (or not) to consent to Google’s use of their data. The other important factor in the Google fine is that CNIL clearly sent a signal that Google can and will be regulated by every data privacy authority (DPA) within the European Union regarding the GDPR rules. Companies that were just focusing on the data privacy rules in their own country have definitely taken notice.
Google will inevitably appeal CNIL’s decision and organizations around the world are anxiously awaiting said outcome. If CNIL’s decision stands firm, companies will have to make changes in how they conduct similar online platforms. Simply said, the outcome could possibly create a profound change in the relationship between consumer and advertiser.
In Germany, a similar social media platform was fined €20,000 for a breach that compromised personal information like passwords and email addresses from more than 300,000 users. While this fine could have been much worse for the company, many industry experts state that the company was given a much lower penalty for how they handled the breach. The company’s saving grace was a proactive notification of both customers and the German GDPR data protection authorities.
This last example of a GDPR-levied fine definitely brings home the message of the lengths the EU will go to protect their citizens. In this case, an Austrian businessman was fined for placing a camera outside his business. The camera was not clearly identified as a CCTV camera, yet it was recording a public space outside his business.
Since GDPR began, the EU has received nearly 100,000 data privacy complaints from its citizens and over 40,000 data breach notifications from companies. Experts say these numbers are low because they are based on voluntary contributions from only 21 of the 28 EU member countries. The numbers therefore are actually much higher.
So far, the GDPR has reported levying 91 fines, with 60 of those fines levied by the German DPA alone. GDPR definitely changes the compliance risk for organizations across the world. Heftier and more numerous fines are expected to be handed out in 2019 as the EU moves into GDPR with full steam.
The United States was once the trailblazer of the world when it enacted the mandatory data breach notification laws and punishment sanctions for non-compliant businesses. Now, the U.S. Congress is closely following GDPR and may soon enact similar privacy considerations to rein in companies like Google, Facebook and others who offer free products and services at the expense of a user’s personal information. Congress understands that what a consumer discloses today can have far-reaching implications years later, and they are definitely watching the implementation of GDPR as Europe nears its first anniversary of enacting the law.
Always at your service to provide the highest level of quality support to our customers.
Anthony Firth Client Engineer
“I’m passionate about building and fostering relationships, and finding solutions for success.”
Michael Koenig Client Account Manager
“I help clients stabilize and grow their IT infrastructure so they can focus on growing their core business.”
Josh Wilshire Systems Engineer Team Lead
“I strive to provide the highest level of quality service to our customers.”
Tommy Williams Sr. Hardware Engineer
“I’m driven by the steadfast belief that technology must serve as a business enabler. This mantra has driven 21
Years of successful partnerships.”
Stephen Riddick VP Sales & Marketing
“CSP doesn’t succeed unless your company succeeds.”
Stephen Allen Inventory Manager
“Through my intuition and genuine concern to help others I have built long-lasting relationships with our customers, co-workers and business partners.”
Scott Forbes VP Support Services
“Every day, I work with clients to help plan the future of their businesses.”
Michael Bowman vCIO
“Your IT problems become our IT solutions.”
Mark McLemore Project Engineer
“Managing internal and external operations to ensure that CSP provides quality and reliable customer service .”
Margie Figueroa Business Manager
“Providing quality internal and externals financial support to our customers and accounting support to CSP.”
Katie Steiglitz Accounting Administrator
“Some call me the CEO. I call myself the Cheerleader for an awesome team!”
William B. Riddick Founder & CEO
“CSP is here to assist you with your IT needs.”
Beth Wylie Inside Sales Manager
Thinking ofHiring A New IT Company?
On What Questions You Need To Ask Before Signing Any Agreement.