Largest GDPR Fine Levied, as Brexit Poses Further Questions and Concerns
Coming into effect last spring, the General Data Protection Regulation (GDPR) has brought about huge changes in how organisations handle personal data. Designed to establish a simpler, but stricter and more unified approach to data protection, GDPR has had a massive effect on how organisations can communicate with their customers, suppliers and other stakeholders, giving individuals greater privacy rights.
Non-compliance with GDPR is taken extremely seriously, with maximum fines available to enforcement agencies of up to four percent of the offending firm’s global turnover, or €20,000,000 (whichever is greater). Although relatively small fines have previously been issued, the largest so far has now been levied against Google in France. According to the French data regulator CNIL, the fine – of 50 million euros (£44m) – was issued due to a "lack of transparency, inadequate information and lack of valid consent regarding ads personalisation".
Beyond the very real possibility of financial penalties on this scale, and the damage that would also be done to customer trust, the pending outcome of Brexit is raising many questions and concerns for businesses.
The current uncertainty regarding whether there will be a deal means that it is difficult to predict exactly what changes to data regulation – if any – there will be for UK organisations to observe. The UK watchdog, the ICO, has issued some helpful guidance for SMEs to prepare for a no-deal Brexit, but is clear that ‘the General Data Protection Regulation (GDPR) will be absorbed into UK law at the point of exit, so there will be no substantive change to the rules that most organisations need to follow.’ The principles of GDPR have already been adopted into UK law, creating the Data Protection Act (2018).
Regardless of the outcome, making greater efforts to respect customer privacy and ensure data protection will lead to positive business outcomes, and GDPR provides the framework to achieve this. For practical tips on meeting the requirements of GDPR, Quadient has produced the ‘Guide to Managing GDPR’ which can be downloaded here. It focuses in detail on compliant communications and managing customer access requests, so if your organisation has any questions or concerns around these aspects, it may be particularly helpful.