
Learn from Others’ Record-Breaking GDPR Mistakes

Preventing Costly GDPR Fines

Biggest GDPR fines so far, Amazon record-breaking mistake

Biggest GDPR fines so far

€746 million (approximately $877 million). That is the recently reported amount of the latest fine—one of the biggest GDPR fines so far—due to General Data Protection Regulation (GDPR) violations. The fine shatters the previous record levied against Google in 2019 for a reported €50 million ($58.7 million) and is more than double the amount of all other GDPR fines combined.

While the details regarding the type of violation are sealed, SEC filings state that the fine was levied because the company's “processing of personal data did not comply with the EU General Data Protection Regulation”. A spokesperson addressed the charge, stating, “Maintaining the security of our customers' information and their trust are top priorities. There has been no data breach, and no customer data has been exposed to any third party. These facts are undisputed.”

The Power of the GDPR

Originally established in 2018, the GDPR is regarded by the European Union (EU) as “the toughest privacy and security law in the world.” To that effect, the GDPR’s power extends not only over European companies, but over any company that processes the personal data of EU citizens or residents.

The increasing amounts and rates of fines show that regulators are becoming more vigilant and aggressive in going after blatant privacy offenders. For years, experts have claimed that the GDPR has been too lax in its efforts to protect citizens and their personal data.

The historic fine may serve as a wake-up call for companies and organizations to start taking privacy and compliance more seriously. With regulators able to assess fines of up to 4% of annual revenue, companies should recognize the benefits of proactively addressing potential privacy and compliance violations.

Become Proactive about Privacy with Data Governance

Being proactive first requires an accurate picture of your organization’s current privacy and compliance policies and capabilities. The best way to obtain that picture is a single, comprehensive privacy platform that fully captures and controls both structured and unstructured data throughout the various systems (and their associated data types) your organization may employ.

Selecting a unified platform can provide the agility necessary to stay compliant in the ever-evolving regulatory environment as more government bodies around the world follow the EU's lead with GDPR. To preempt possible violations, consider customizing industry-specific tags for tasks like PII identification, remediation, and management across your organization.

Use privacy and compliance tools that allow users to apply remediation policies, including deletion, quarantine, migration, and access privilege assignment, to stay ahead of possible regulatory issues. Consider crafting and updating current compliance and privacy policies and addressing shortcomings based on live PII statistics and document analytics. Adopt a platform that allows for true global search, so that personal information can be found for data subject access requests and other remediation requests.

With the increased frequency and the costs of GDPR fines, organizations need to pay more attention to their privacy and compliance programs. Complete data governance allows organizations to protect and manage all of their data across the enterprise for full certainty in an uncertain landscape. Whether it’s GDPR, CCPA, or any other regulation on the horizon, the best option may be to stay ready for anything.

Learn More

If you are still interested in learning more about GDPR, please consider reading our white paper, “A Practical Guide for GDPR Compliance” or watch our webinar, “Don’t Panic: Challenges and Solutions to GDPR Compliance”.

Rafael Walden is a graduate of Portland State University and current solutions consultant at ZL Tech.