
GDPR One Year Later A Data Privacy Retrospective

04 June 2019

Kezia Talbot, Legal Advisor

On May 25, 2018, the EU’s GDPR went into effect. This was, by far, the most aggressive and sweeping privacy law the world had seen in years. New requirements, including (a) responding to individual rights requests within 30 days unless certain criteria are met and (b) filing with regulators within 72 hours of a personal data breach, were just a couple of the most pressing obligations companies were required to address.
 
Over the last year, fines have been wide ranging and have varied from country to country. Companies of all sizes across different industries have been caught in the cross-hairs of the regulators, including but not limited to:

 


Knuddels.de

Fined €20,000 (~$22,500) by the German Data Protection Authority (DPA) following a breach that exposed personal information of 330,000 users, including passwords and email addresses.
   

Facebook

Fined £500,000 (~$652,000) by the UK’s Information Commissioner’s Office (ICO) for the Cambridge Analytica scandal, which allowed illicit access to personal data of 87 million users.

   

British Telecommunications

Fined £77,000 (~$100,000) by the UK’s ICO for sending approximately 5 million unsolicited marketing emails.

   

Google

Fined €50 million (~$57 million) by the French Commission Nationale de l’informatique et des Libertés (CNIL) for not properly disclosing to users how data was collected across its services to provide personalized advertisements.

   

Yahoo!

Fined £250,000 ($326,000) by the UK’s ICO for an attack that took place in 2014 where contact information and passwords of 500 million users were exposed.
   

Equifax

Fined £500,000 (~$652,000) by the UK’s ICO for a 2017 breach that allowed hackers to steal sensitive financial information from approximately 15 million users.

 

Please see our latest insight to review what actions companies are taking to improve their data governance and privacy compliance programs, as well as what they are doing to prepare for the influx of new privacy regulations, including the California Consumer Privacy Act.

 
