Since the European Union’s General Data Protection Regulation (GDPR) was first passed into law, companies have been fined more than €56 million (approximately $62,570,200) for data breaches. In the first three quarters of the year, the European Data Protection Board (EDPB) had received more than 206,000 GDPR complaints in 31 countries. While more than 95,000 of the data breaches were consumer complaints, 65,000 came from data controllers.
Of the 206,000 GDPR complaints that have been investigated and closed, only one percent have had the ruling legally challenged in the courts. It is also essential to consider that, of the €56 million in fines, the fine CNIL levied against Google accounts for €50 million (approximately $55,866,250). Here are a few important tips to protect your income by understanding the GDPR in 2019.
GDPR Compliance
While GDPR compliance is mandatory for all EU businesses across all industries, there is still much confusion about what it means for non-EU companies. Non-compliance fines can go as high as €10 million (approximately $11,173,250), or 2 to 4 percent of a company’s global consolidated turnover. Here is a GDPR readiness checklist that includes individual rights, restrictions, penalties, and emerging legal issues. These GDPR guidelines were written for enforcers and data protection watchdogs:
- Implementation of a data migration plan
- A transparent GDPR process
- Application of administrative fines
- Process for notification of breaches
- Consent for data security and migration
- Accredited data protection professionals
- Authorities like supervisors and corporate data protection officers
- Annual review of data protection assessment and effect on consumers
- Automated process for reporting and data privacy decision-making
GDPR as a Basic Human Right
The EU Charter of Fundamental Rights was drafted in 2000 to protect the rights of citizens and became law in 2009. Under Article 8, EU citizens have a legal right to personal data protection. In 2016, the GDPR was added to the charter and took effect in 2018. While the charter recognized that citizens had a right to personal privacy, the GDPR included additional user protections for data security and technology migration.
GDPR Restrictions
The GDPR’s primary focus has always been to protect consumers from the loss of their personal and financial data when conducting business online. From the onset of the GDPR, there has been pressure on EU officials to protect consumers’ fundamental rights while also looking for ways to enforce GDPR values. There is also much focus on restrictions that boost rights while looking for additional ways to toughen authoritative support for the GDPR laws.
Corporate GDPR Obligations
Whether you are a start-up or a global digital conglomerate like Amazon or Google, fines are meant to deter companies from failing to protect consumer data safely. There is also a focus on data migration, which puts many more global companies in the EU crosshairs for fines.
There is now pressure on EU companies, and on those that do business with EU citizens, to assess their data protection plan and inform the EDPB authorities when breaches occur. As more about the law and its enforcement comes to light, the information will help protect future income.