$126M+ in Fines: Companies Keep Failing to Comply With GDPR

The past year was historic for data protection. GDPR fines have already passed $126M, and they are not going to stop: Marriott faces a proposed fine of around $123 million, while British Airways may have to pay around $230 million for failing to protect customer data as GDPR requires.

These fines are no joke; they can wreck a business overnight. Many companies are rushing to introduce changes and security measures to avoid non-compliance, but there is still a lot of confusion about what GDPR actually requires and how it affects a company, so let’s go through it.

What is GDPR Compliance?

GDPR stands for “General Data Protection Regulation.” It is a regulation in European Union law (not a regulatory body) that governs data protection and privacy within the European Union and the European Economic Area. It also regulates transfers of personal data out of the EU and the EEA.

GDPR runs to 88 pages, organised into 11 chapters and 99 articles, and its reach goes beyond European borders. Under Article 3, any organisation that processes the personal data of individuals in the EU has to comply, whether or not it is established there; the rule is about where the data subjects are, not their citizenship. So every company that collects or processes such data has to take it seriously.

Explaining GDPR Regulations

Let’s get into the nitty-gritty of GDPR. Ever since it took effect in May 2018 there have been many questions about compliance, and some remain unanswered. Until the European Data Protection Board issues guidance on every point, here is what we know so far:

Territorial scope: The European Data Protection Board has issued guidelines clarifying which companies GDPR applies to and which it does not, including the rules for international companies that do business within the EU or cooperate with European companies.

Transparent disclosure: Where a company relies on consent to collect, process and use personal data, that consent must be freely given, specific, informed and unambiguous. Fine print does not meet the bar: the company must explain in plain language what data it collects and why, and a pre-ticked box or silence does not count. Otherwise the consent is invalid.

Legal basis: GDPR also spells out the legal bases for processing personal data. Consent is only one of them; Article 6 also lists performance of a contract, a legal obligation, vital interests, a public task and legitimate interests. The Board has clarified when data collection is necessary under each basis and how the rules apply in specific cases.

Consequences of Not Complying with GDPR

If a company fails to comply with GDPR, it faces serious scrutiny and hefty fines. Article 83 sets two tiers. Lesser infringements (for example, failing to keep records or to notify a breach) carry fines of up to 10 million euros or 2% of worldwide annual turnover for the preceding financial year, whichever is higher. The most serious ones, such as breaching the basic principles of processing or data subjects’ rights, go up to 20 million euros or 4% of worldwide annual turnover, again whichever is higher.

Depending on the size of the company, these amounts can make or break the business, so it is best to consult legal professionals to understand the full scope of consequences that can arise from non-compliance.

To illustrate, let’s look at the best-known GDPR enforcement case so far: British Airways.

Between August and September 2018, British Airways suffered a major data breach. The ICO’s investigation found that the company’s security arrangements were inadequate, which allowed attackers to harvest sensitive information, including names, addresses and payment card details, of roughly 500,000 customers with little difficulty.

The previous record was Facebook’s fine of half a million British pounds over Cambridge Analytica, which was the maximum the UK’s pre-GDPR Data Protection Act allowed. British Airways may set a new record at a whopping $230 million. It shows that failing to protect users not only damages your reputation but can also wreck your company’s finances.

Tips for GDPR Compliance and Overall Security

Many companies still find the rules confusing, but introducing appropriate security measures is essential. It is also what Article 32 requires: security appropriate to the risk, with pseudonymisation and encryption named explicitly as examples.

Here are two tips on how to start taking better care of user data.

Data Auditing: Auditing your data regularly ensures that only the people who need access to personal data have it. Since human error is a leading cause of data breaches, it is essential to know what personal data you hold, where it is stored, who can access it and where it flows; Article 30 requires a record of processing activities in any case, so the audit doubles as compliance evidence. Otherwise, you’re risking non-compliance and steep fines.

Encryption: When it comes to protecting customer data, encrypt everything. Emphasis on everything. Full-disk encryption on employee devices is common sense now; companies should also encrypt files before uploading them to the cloud or sharing them online, and keep the keys separate from the data. This matters for enforcement too: under Article 34(3)(a), a breach of data that was encrypted with keys the attacker did not obtain generally does not have to be reported to the affected individuals. Access to personal data should be limited to authorised employees connecting through the company’s network. A product such as NordVPN Teams can encrypt traffic between employees’ devices and the company network and control who can reach it, but note that a VPN protects data in transit on that leg only; data at rest and data handed to third-party services still need their own encryption.
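To make the “encrypt files before uploading them” advice concrete, here is an added example (written for this page; it is not code from the original article or from NordVPN) of encrypting a record with AES-256-GCM before it leaves the company’s systems. The object name is bound into the ciphertext as associated data, so a blob copied under another name in the bucket, or tampered with in storage, fails to decrypt instead of yielding corrupted plaintext. The key is generated in memory here purely so the example runs offline; in practice it would come from a KMS or secrets manager and never sit next to the data. The object name, the key helper and the sample record are all constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// newDataKey returns a fresh 256-bit AES key. Assumption for this example:
// a real deployment would fetch the key from a KMS or secrets manager so
// that the key is never stored alongside the encrypted objects.
func newDataKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

// newAEAD builds an AES-256-GCM authenticated cipher from a 32-byte key.
func newAEAD(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes for AES-256")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encryptObject encrypts plaintext before upload. The object name is passed
// as associated data, so the ciphertext is bound to that name: renaming or
// swapping encrypted objects in the bucket makes decryption fail.
// Output layout: nonce || ciphertext || 16-byte tag.
func encryptObject(key []byte, objectName string, plaintext []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize()) // 12 random bytes per object
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal appends the ciphertext and tag to the nonce prefix.
	return aead.Seal(nonce, nonce, plaintext, []byte(objectName)), nil
}

// decryptObject reverses encryptObject. Any change to the nonce, ciphertext,
// tag or object name makes Open return an error and no plaintext at all.
func decryptObject(key []byte, objectName string, blob []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(blob) < ns+aead.Overhead() {
		return nil, errors.New("ciphertext too short")
	}
	return aead.Open(nil, blob[:ns], blob[ns:], []byte(objectName))
}

func main() {
	key, err := newDataKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample record; not real customer data.
	record := []byte("name=Jane Doe;address=1 Example St;card=4111111111111111")
	name := "exports/customers-2019-07.csv" // hypothetical object name

	blob, err := encryptObject(key, name, record)
	if err != nil {
		panic(err)
	}
	fmt.Printf("upload %s: %d bytes of ciphertext\n", name, len(blob))

	if _, err := decryptObject(key, "exports/other.csv", blob); err != nil {
		fmt.Println("decrypting under another object name rejected:", err)
	}
	blob[len(blob)-1] ^= 0x01 // flip one bit of the authentication tag
	if _, err := decryptObject(key, name, blob); err != nil {
		fmt.Println("tampered ciphertext rejected:", err)
	}
}
```

Random 96-bit nonces are safe for a bounded number of objects per key (a few billion is the usual ceiling), so rotate the data key per dataset or per export job rather than reusing one key for everything; that also keeps the blast radius of a leaked key small, which is the property Article 34(3)(a) rewards.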

What Will Happen This Year?

You can expect even more enforcement. Supervisory authorities have been working hard to ensure that companies follow the rules, and there are many ongoing investigations, especially in Ireland, where the Data Protection Commission is the lead authority for many big tech companies headquartered there and is examining several of them. Some of those investigations are likely to result in significant fines.

GDPR was only the starting point of a systematic transformation in how personal data is handled and processed. The European Data Protection Board will keep releasing new guidelines, and supervisory authorities new decisions, so stay tuned. It is imperative to keep track of the changes and follow through on them.
