GDPR: Winter is coming (and enforcement is too)

Bond Schoeneck & King PLLC

Bond Schoeneck & King PLLC

After its implementation in May 2018, the European Union General Data Protection Regulation (GDPR) continues to dominate headlines in many industries, including technology. On September 25, 2018, Facebook discovered a security breach that exposed the personal information of approximately 50 million users. Facebook disclosed this breach within the 72-hour window required for disclosure under the GDPR. Despite the timeliness of the notification, the Irish Data Protection Commission indicated that Facebook could still face enormous fines for its inability to clarify the nature of the breach and risk to users at the time of notification. 

If a company violates data subject rights or fails to comply with required procedures under the GDPR, it can be fined up to four percent of its annual global turnover (revenue). Last year, Facebook reported more than $40 billion in global revenue. Therefore, Facebook’s potential fine could exceed $1.6 billion. 

In a recent interview, the European Union’s data protection supervisor, Giovanni Buttarelli, stated that the first GDPR enforcement actions are scheduled to begin in November—six months after the GDPR came into effect. In July 2018, the U.K’s Information Commissioner’s Office commenced its first formal enforcement action against a Canadian data analytics firm, AggregateIQ Data Services. Formal complaints against Facebook, Google and other large data-dependent technology companies have occurred since the effective date of the GDPR, resulting in ongoing investigations. Enforcement actions should help other impacted entities interpret the GDPR with greater precision. We will continue to monitor these developments as they unfold.

What does this mean for your business?

If your entity maintains an online presence it may be subject to the GDPR. For example, if your website collects any information about its users, whether through forms people submit on the website or through third party collections, such as Google Analytics, the GDPR likely impacts the way your entity collects, stores and processes data.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Bond Schoeneck & King PLLC | Attorney Advertising

Written by:

Bond Schoeneck & King PLLC

Bond Schoeneck & King PLLC on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.