Over three years ago, on May 25 2018, the GDPR, Europe’s data privacy and security law was introduced. As we all now know, its intention was to governs the way organisations that operate within the EU process, store, and use personal data. The legislation replaced older data protection laws, and regulators can fine organisations anywhere in the world which target or collect data in the EU.
When introduced, there was what could be termed “mild panic” within the some circles, as everyone rushed to get their ducks in a row. So, what’s happened in the past three years, have businesses really been fined?
Well, since May 2018, hundreds of millions of euros worth of fines have been handed out by information commissioners around Europe. Key breaches (to name a few) included those linked to the use CCTV cameras to monitor employees as well companies not complying with the “right to be forgotten” law.
With a maximum fine of £17.29m or 4% of global revenue, here are some of the cases that hit the headlines and the fines (in pounds sterling, for ease of reference), although there are likely to have been many more:
It will be interesting to see what the next three years brings, as of course BREXIT and the global pandemic will have potentially impacted the level of enforcement applied.
An overarching goal for all organisations must be however, that of ensuring that a high level of security is applied to personal data collected. This should be done by having in place necessary procedures that limit the data being processed to that which is strictly required aligned to the purpose at hand. Sufficient technical and organisational measures must also be put in place to protect data from any unauthorised access by ensuring that data is only accessible to the relevant personnel whilst managing the storage of data in a lawful manner. There is also arguably an interplay between data protection, information security, privacy, cybersecurity and other legislation making it all the more important for organisations to obtain specialist guidance from professionals.
If you would like advice, please contact our marketing team on 01254 828300. Better still, why not attend our eTraining session on this on 21 October 2021, you can book here.
The source of this article was in part from the BBC.