On 25th May 2019 it will be a year since the General Data Protection Regulation (GDPR) became legally enforceable in the European Union, with a vision to safeguard the data of the citizens of the European Union.
The regulation allows citizens full control over the acquisition, processing, retention or omission of their personal data, which in turn gives them complete control over how & to what extent they want to disclose their data to businesses.
According to the French data protection agency CNIL’s Mathias Moulin, May 2018 to May 2019 has been a transition year for GDPR, in which several national data protection regulators finalized their rules & approaches towards GDPR compliance & decided to probe into probable violations.
GDPR has been highly impactful in terms of sensitizing the organizations & the common masses at large about the value of data as a currency, to be leveraged only with the consent of the individuals to whom it belongs.
However, GDPR certainly has some visible loopholes. The most obvious one is that the law has somehow failed to impose fines on companies that have failed to adequately protect their customers' data, except for a few well-known industry giants, including Google, Facebook & Uber, where the violations were too grave to be forgiven.
The challenges with GDPR have always been immense, mainly because the law has been the only one of its kind ever since its inception. The pre-GDPR world had already moved very far & fast in the direction of improving personalization for customers, & deriving data from the Internet of Things (IoT) to optimize their experiences was a common practice. GDPR came as a renaissance for marketers and compelled them to review their data protection, acquisition, processing, retention, and omission strategies.
Marketers across the world have just started acclimatizing to GDPR, as the fines for failing to abide by the regulation are hefty and can amount to €20 million or 4% of the global turnover of the company in any particular fiscal year, whichever is greater. The majority of firms across the globe were GDPR-phobic when it was launched but have now started reporting data breaches.
According to Stephen Eckersley, the head of enforcement at the U.K. Information Commissioner's Office, the number of data breaches reported in 2019 is expected to be approximately twice the number reported in 2018 (36,000 breaches expected in 2019, compared to roughly 18,000 to 20,000 reported in 2018).
Notable GDPR Non-Compliance Fines
1. Google witnessed the Highest Data Protection Fine Ever
The French Data Protection Authority, CNIL, fined the tech giant Google €50 million in January 2019 for violating the GDPR norms of obtaining consent that must be “granular, freely given, informed & must involve affirmative action”.
Google was fined because of its economic model that is dependent on ads & personalization. They violated GDPR guidelines “such as the data-processing purposes, the data storage periods or the categories of personal data used for the ads personalization”.
The penalty came as a result of complaints filed by two European pressure groups: None Of Your Business (NOYB) and La Quadrature du Net in May 2018.
The fine of €50 million, though the largest to date, is still minimal for Google, as the maximum penalty would have been €4 billion if it were calculated on the basis of Google's annual turnover.
2. Chat app Knuddels fined €20,000 for Data Breach
In July 2018, the personal information of more than 330,000 users of the German social media platform Knuddels was hacked & compromised. The company discovered the breach in 2018 & reported it to the German Data Protection Authority, the State Commissioner for Data Protection and Freedom of Information Baden-Wuerttemberg (LfDI).
The accounts of all the impacted users were immediately shut down. In November, the LfDI issued a fine of €20,000. LfDI also discovered that the company stored passwords in plain text. The fine was minimal considering that it could have been somewhere close to €10 million if the company had been fined 4% of its annual revenue.
LfDI, however, commended Knuddels for their "extreme co-operation" & the steps that they took afterwards to improve the data security of their users.
3. Digital Marketing Company Bisnode Fined
On April 1, 2019, the Sweden-headquartered digital marketing company Bisnode, which has a location in Poland, was fined €220,000 by the Polish Data Protection Authority, the national Personal Data Protection Office (UODO), for violating obligations under Article 14 of GDPR.
The fine has been imposed as a result of the company's business model, which relies on processing scraped data that it utilizes for insights without individually obtaining the consent of the data subjects.
In addition to the fine, the company must separately send an email to 6 million people within the next three months, which will incur an additional cost of €8 million.
Bisnode, though, has said that it will push the controversial privacy penalty to the apex court of Europe, & the final verdict may impact the privacy model of businesses across the globe.
4. Equifax Fined for Failing to Protect Personal Information
The Information Commissioner's Office fined Equifax Ltd £500,000 for failing to protect the personal information of 15 million UK citizens.
5. Denmark’s Taxi Company Taxa 4x35 Fined for Retaining Customer Data Without Consent
A fine of 1.2 million kroner ($180,000) was imposed by Denmark's Data Protection Authority (DPA) on the taxi company Taxa 4x35 for not deleting customers’ telephone numbers.
6. Other Penalties
Ongoing Probes
GDPR Implementation Challenges
a. Organizations need to hold themselves accountable for the secure processing of data throughout the customers’ buying cycle
b. Fines and Penalties are subjective and depend upon various factors including:
c. The organizations need to match up with the minimum transparency & information requirements to comply with GDPR.
d. The potential costs of Subject Access Requests (SARs) & data portability have to be borne by the organizations.
e. Under Article 30 of GDPR, the organizations have to keep a track record of the data processing activities
f. The territorial limits of GDPR are not clearly defined in Article 3(2)
g. Mandatory Data Protection Impact Assessments are additional burdens for organizations
h. Articles 48 & 49 describing the cross-border data transfer are ambiguous
i. It still remains unclear how the European Data Protection Authorities will be able to impose fines against non-compliant nations
Conclusion
In a GDPR-compliant age, it is mandatory for companies to act in accordance with GDPR rules, not only to avoid the hefty fines but also to earn the trust of their customers, investors & the marketplace at large. Across the globe, GDPR is still a newbie that has many loopholes & needs to metamorphose into a full-fledged, implementation-based form. Even so, abiding by its norms is not only the best possible form of prevention against hackers but also ensures that marketers are safe from stressful & expensive penalties & that their reputation stays intact.
We, at Valasys Media, advise you to be on the safe side of the law and read in detail about how you can be GDPR Compliant. For more information feel free to contact us.
22 Comments
Attractive element of content. I just stumbled upon your blog and in accession capital to claim that I get in fact enjoyed account your blog posts. Anyway I’ll be subscribing to your feeds or even I fulfillment you get admission to consistently rapidly.
Thank You So Much…
I’m no longer certain the place you are getting your information, but good topic. I need to spend some time studying more or figuring out more. Thanks for great info I used to be on the lookout for this info for my mission. 0mniartist asmr
Glad that you liked it. Do follow Valasys Media on Instagram and Twitter to get us some useful tips.
Good information. Lucky me I discovered your blog by accident (stumbleupon). I’ve bookmarked it for later! 0mniartist asmr
Thanks for following us.
Hi! I could have sworn I’ve visited this website before but after looking at many of the posts I realized it’s new to me. Nonetheless, I’m certainly pleased I found it and I’ll be bookmarking it and checking back often! asmr 0mniartist
Glad that you liked it.
Hello There. I found your blog using msn. This is a really well written article.
I’ll make sure to bookmark it and return to read more of your useful information. Thanks for the post.
I will definitely return. asmr 0mniartist
Thanks for such kind words. Do follow Valasys Media on Twitter and Instagram for marketing updates.
Greetings! Very helpful advice within this article!
It’s the little changes that will make the biggest changes.
Many thanks for sharing! asmr 0mniartist
We are happy to help our readers.
Some truly nice and utilitarian info on this website, to I believe the pattern contains good features.
Dear Zortilonrel, thank you for your feedback. We are glad you liked our content. Stay tuned for more powerful insights.
If you are going for the best content like me, only pay a quick visit to this site every day because it offers quality content, thanks
Dear Reader, thank you for your feedback. We are thrilled you liked our content. We look forward to serving you with more powerful insights.
Superb post but I was wondering if you could write a little more on this topic? I’d be very grateful you could elaborate a little bit further. Cheers!
Dear John, thank you for your feedback. We are thrilled you liked our content. We will definitely cover more about this topic. We look forward to serving you with more powerful insights.
Thank you for your blog post. Really looking forward to reading more.
Dear Elsken, thank you for taking out time to write to us. We are glad you liked our content and that we are able to add value to you. You can surely share our blog on Facebook. Looking forward to serving you with more powerful insights.
Nice read, I just passed this on to a friend who was doing a little research on that. And he just bought me lunch since I found it for him smile Thus let me rephrase that: Thank you for lunch! “No one can wear a mask for very long.” by Seneca.
Dear Reader, thank you for your feedback. We are thrilled you liked our content. We look forward to serving you with more powerful insights.