Known as the landmark digital privacy legislation of the EU, the GDPR introduced an unprecedented set of user data protection and privacy norms. It was designed and enacted to give EU residents greater control over their personal data, and it arrived at a time when data breaches were sending shock waves across industries and leaving governments scrambling for cover. Under the GDPR, companies and organizations must ensure that user data is collected, stored and protected by lawful means. Failing to adhere to the GDPR attracts penalties.
GDPR Violations and Its Results
The EU's much-touted data privacy regulation, the GDPR, came into force on May 25, 2018. This forced thousands of businesses and organizations operating in the EU to update their user data policies.
Under the GDPR, the supervisory authorities can impose fines on violators. Offenders may also face other punitive actions, namely:
- Warnings and reprimands
- A ban on data processing
- Suspension of data transfers to third countries
- Restriction of processing or erasure of the data
Why Does It Make Businesses Worried?
Since the GDPR took effect, businesses operating in the EU have become cautious about adhering to its norms. The EU General Data Protection Regulation does not discriminate between multinationals and small ventures, and there are instances of corporate giants and tech icons being fined for GDPR violations. For example, British Airways was slapped with a fine amounting to €204 million after the records of 500,000 customers were exposed. Even the internet tech giant Google had to pay a fine of €50 million for violating the GDPR.
GDPR Penalty Tiers
The amount of the fine and the punitive action a company faces for a GDPR violation depend on several factors. The fine can be a maximum of €20 million for a Tier 2 infringement and €10 million for a Tier 1 infringement.
Tier 1 infringements cover violations of:
- Article 42 certification
- Article 8 factors for children’s consent
- Articles 25-39 obligations of controllers and processors
- Article 43 certification bodies
- Article 11 processing not requiring identification
Tier 2 infringements cover violations of:
- Article 6 conditions for consent
- Article 5 data processing norms
- Articles 12-22 data subjects’ rights
- Article 9 processing special types of data
- Articles 44-49 data transfers to international organizations or third countries
Nuances of GDPR That You Must Know
The GDPR is not aimed at specific sectors or industries. It covers data collection and processing that takes place in Europe or affects the residents of Europe.
Things that may lead to a GDPR violation include:
- Improper/Illegal Collection of User Data – A fine was imposed on the Spanish soccer league for violating the GDPR's transparency provisions.
- Improper Sale – The Austrian Post had to pay €18 million as a fine for selling the personal profiles of almost 3 million Austrians.
- Security Breaches – The National Revenue Agency of Bulgaria was fined €2.6 million. Failing to report such breaches is also a violation.
- Poor Data Security – 1&1 Telecom, a German company, paid €9.5 million as a fine for poor data security.
- Offshoring – A GDPR violation can occur by storing data in nations that are not GDPR regulated. Futura Internationale was fined €500,000 for this reason.
- Improper Storage – Deutsche Wohnen, a leading European real estate agency, had to cough up €14.5 million as a fine for improper storage of data.