
GDPR – Amnesty period is over

One year after GDPR's introduction – A warm-up for fining

In the first 9 months of application of GDPR, since its release on May 25th 2018, European data protection agencies received a total of 200,000 cases, of which 65,000 concerned data breaches, skyrocketing numbers compared to the pre-GDPR era.

With GDPR being the first large-scale data privacy regulation, the interest was in seeing how national watchdogs were going to use their new hammer, which, for the record, allows them to fine an entity up to €10 million or 4% of its global revenue, depending on the infringement.

What are the lessons learnt from the fines issued?

While British Airways hit the headlines with a record penalty, an overview of the first fines issued by each EU country gives a good picture of how watchdogs are applying the regulation:

  • France: Through the CNIL agency, France was the first to fire the GDPR arsenal at Google, issuing a fine of €50 million for lack of transparency toward users.
    CNIL's move proved that the location considered was no longer the company HQ but the place where decisions were taken, in this case Ireland, highlighting the fact that GDPR is an international regulation.
  • UK: Following a large-scale data breach that leaked both personal information and payment card details, British Airways received a fine (first judgement) of £183 million, worth 1.5% of its worldwide turnover.
    This example emphasizes the cost related to the tremendous increase in data storage risk compared to the pre-GDPR era, when the fine could not have exceeded £500,000.
  • Poland: The Polish watchdog fined a digital marketing company specialized in scraping data from the web €220,000 for not informing data subjects well enough about the data collection.
    Bisnode was the first company operating exclusively in B2B mode to be sanctioned under GDPR, proving that it could affect every business.
  • Portugal: The national authority fined a hospital €400,000 for not managing access to patients' personal data strictly enough.
    This case further demonstrated the universality of GDPR with regard to the scope of application of personal data privacy.

One year later, the message is clear: the amnesty period is over. European data protection agencies are starting to use their new tool with a heavy hand across the whole width of their spectrum. If they have not done so already, these first few fines will eventually convince entities to become compliant with GDPR.
