What is the General Data Protection Regulation (GDPR)?

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive and far-reaching regulation in EU law on data privacy and protection in the European Union and the European Economic Area that came into force on 25 May 2018. In January 2012, the European Commission set out plans for data protection reform, with the primary aim of making Europe ‘fit for the digital age’. The current EU framework applies to every organisation in all member states and has implications for businesses and individuals across Europe. The vice-president for the Digital Single Market stated, “The digital future of Europe can only be built on trust. With profound common standards for data protection, people can be sure they have control over their personal information.”


GDPR is a regime drafted to give EU citizens control over their personal data and to simplify the regulatory environment for business. The framework is designed to raise awareness worldwide of the laws and obligations governing the handling of personal data, privacy and consent in the digital space.

A data breach occurs when an individual’s information is lost, stolen or released into the hands of people who should not have access to it and who often have malicious intent. Under the terms of the General Data Protection Regulation (GDPR), an organisation and the people who collect personal data are obliged to hold it under secure conditions and safeguard it from unauthorised access and exploitation. They must also secure the data to respect the rights of data subjects and to avoid potentially hefty fines from the regulator of up to 20 million euros or 4% of annual global turnover (whichever is higher).

GDPR facts and figures

  1. Blockchain is a far-reaching technology with the potential to revolutionise the way many industries handle personal information, and it falls within the scope of the GDPR. The Data Subject Access Request (DSAR) is one of the data subject rights conferred under the General Data Protection Regulation (GDPR).
  2. 25 May 2018 saw one of the most significant privacy and online regulation shake-ups since the 1980s. Organisations are still confused about GDPR, and bewilderment and anxiety surrounded the hype and fear that led up to and followed its enactment.
  3. The GDPR has a broad scope, whereby data in the wrong hands can be made available to data subjects via Data Subject Access Request (DSAR) and enforcement action can be taken against organisations who fail to comply with such requests in a timely manner.
  4. Level 1 – Lower tier: At this level, a company can be fined up to €10 million or 2% of its annual turnover for non-compliance with the GDPR.
  5. Level 2 – Upper tier: At this level, a company can be fined up to €20 million or 4% of its annual turnover for non-compliance with the GDPR.
  6. The GDPR also impacts an organisation’s HR systems, which are increasingly enriched with insights from enterprise-wide data analytics.

Data contraventions in numbers

  1. Google is accused of violating European Data Protection Law (GDPR) by a group of seven consumer organisations.
  2. $280 billion! That’s the cumulative cost of all the cyber-attacks on businesses that hit the EU in 2016 alone.
  3. GDPR fines totalled €56M in 2018, with more than 200,000 investigations, 64,000 of which were upheld.
  4. Enforcement notices have been served under the 1998 and 2018 Data Protection Acts for sustained failures to comply with individuals’ rights in respect of subject access requests.
  5. Organisations have been found responsible for sending 3,560,211 direct marketing messages to subscribers without consent.

Major GDPR fines across Europe

  1. In July 2019 the ICO announced its intention to fine British Airways £183.39m under GDPR for a data breach.
  2. In July 2019 the Information Commissioner’s Office (ICO) announced its intention to fine Marriott International, Inc more than £99 million under GDPR for a data breach.
  3. In March 2020 Sweden fined Google $8 million for right-to-be-forgotten violations and demanded that it keep websites in the dark about delisting requests.
  4. The French data protection authority imposed a fine of £44m on Google for lack of transparency, inadequate information and failure to obtain valid consent for ad personalisation. The complaints against Google were first filed on 25 May 2018, the day the GDPR took effect, by noyb and La Quadrature du Net (LQDN).
  5. The nationwide retailer was fined half a million pounds in January 2020 for failing to secure the information of at least 14 million people.
  6. Deutsche Wohnen was fined 14.5 million euros in November 2019.
  7. Facebook agreed to pay a fine in October 2019 over the Cambridge Analytica scandal, withdrawing its appeal against the £500,000 penalty imposed by the UK data watchdog.
  8. A London based firm, Tax Returned Limited, has been fined £200,000 by the Information Commissioner’s Office (ICO) for sending millions of unwanted marketing text messages.
  9. Making it Easy Ltd has been fined £160,000 by the Information Commissioner’s Office (ICO) for making spam calls to people registered with the Telephone Preference Service (TPS).
  10. Life at Parliament View Ltd fined £80,000 for leaving 18,610 customers’ personal data exposed for almost two years.
  11. EE Limited fined £100,000 for sending over 2.5 million direct marketing messages to its customers, without consent.
  12. The Information Commissioner’s Office (ICO) has fined Smart Home Protection Ltd £90,000 for making nuisance calls to people registered with the Telephone Preference Service (TPS).