This site uses cookies to provide you with a more responsive and personalised service. By using this site you agree to our use of cookies. Please read our PRIVACY POLICY for more information on the cookies we use and how to delete or block them.
  • GDPR One Year Later A Data Privacy Retrospective

GDPR One Year Later A Data Privacy Retrospective

04 June 2019

On May 25, 2018 the EU’s GDPR went into effect. This was, by far, the most aggressive and sweeping privacy law the world had seen in years. New requirements including: a) responding to individual rights requests within 30 days unless certain criteria are met, and b) filing with regulators within 72 hours of a personal data breach, were just a couple of the most pressing obligations companies are required to address. 
Over the last year, fines have been wide ranging and have varied from country to country. Companies of all sizes across different industries have been caught in the cross-hairs of the regulators, including but not limited to:



Fined €20,000 (~$22,500) by the German Data Protection Authority (DPA) following a breach  that exposed personal information of 330,000 users, including passwords and email  addresses


Fined £500,000 (~$652,000) by the UK’s Information Commissioner Office (ICO) for the Cambridge Analytica scandal, which allowed illicit access to personal data of 87 million users.


British Telecommunications

Fined £77,000 (~$100,000) by the UK’s ICO for sending approximately 5 million unsolicited    marketing emails. 



Fined €50 million (~$57 million) by the French Commission Nationale de l’informatique et des Libert├ęs (CNIL) for not properly disclosing to users how data was collected across its services to provide personalized advertisements.



Fined £250,000 ($326,000) by the UK’s ICO for an attack that took place in 2014 where contact information and passwords of 500 million users were exposed.


 Fined £500,000 (~$652,000) by the UK’s ICO for a 2017 breach that allowed hackers to steal   sensitive financial information from approximately 15 million users.


Please see our latest insight to review what actions companies are taking to improve their data governance and privacy compliance programs, as well as what they are doing to prepare for the influx of new privacy regulations, including California Consumer Privacy Act.


Read more BDO Insights