The European Union’s General Data Protection Regulation (GDPR) brings about new regulations surrounding data privacy. It introduces a fresh set of rules that govern how personal and sensitive information is gathered, stored, and disposed of. Harsher punishments are introduced for businesses and responsible individuals who do not comply with these regulations. In the UK, the Data Protection Act is the implementation of this EU law.
Here, we go over what action has been taken against those in breach of the GDPR, focusing chiefly on cases of varying magnitude brought by the UK’s Information Commissioner’s Office (ICO).
Up to 87 million Facebook users had their personal data unfairly processed, in breach of the first data protection principle, and Facebook also failed to take appropriate action to defend against unauthorised or unlawful processing of personal data. As a result, Facebook Ireland was fined £500,000 in October 2018.
Tax Returned Limited
Tax Returned Limited sent 14.8 million unsolicited marketing text messages through a third-party service provider without valid consent. With no evidence of clear prior consent, Tax Returned Limited was fined £200,000.
DM Design Bedrooms
DM Design Bedrooms were found guilty of subjecting telephone preference service subscribers to more than 1.6 million nuisance calls. They were fined £160,000.
Eldon Insurance Services Limited (trading as GoSkippy Insurance) was found to have carried out two unlawful electronic marketing campaigns. They involved the sending of emails promoting their services to Leave.EU subscribers without sufficient consent. GoSkippy Insurance was therefore fined £60,000.
Hannah Pepper was a former GP’s surgery employee who inappropriately accessed the clinical records of patients and staff members outside of her role. She was fined £350 on top of costs and a victim surcharge.
These cases show how the GDPR affects not only businesses of all sizes, but also individuals. The ICO used to only have the authority to fine up to £500,000. Now, under the EU’s GDPR, a business could face a total charge of €20 million or 4% of its global revenue. For a company as large as Google, for instance, a maximum charge would be in the region of €4.4 billion. Marriott International currently has an ongoing case where 500 million guests may have had their data exposed. As a large, global company, they could face a fine of over £17 million.
Every business should take appropriate steps to comply with this new law to protect themselves and their clients. Upgraded online security systems and adequate disposal of paper documents need to be in place. For professional shredding services, click here: https://ontimeshred.co.uk/our-services/onsite-shredding/. With robust systems and procedures in place, you can comply with the GDPR and avoid the new, larger fines.