What is the General Data Protection Regulation (GDPR)?

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive and far-reaching regulation in EU law on data privacy and protection in the European Union and the European Economic Area that came into force on 25th May 2018. In January 2012, the European Commission set out to plan data protection reform. The primary agenda was to make Europe ‘fit for the digital age’. The current EU framework applies to every organization in all member states and has implications for businesses and individuals across Europe. The vice-president for the Digital Single Market enunciated, “The digital future of Europe can only be built on trust. With profound common standards for data protection, people make sure they have control over their personal information.”

The General Data Protection Regulation simplifies the regulatory environment for business. That is why this framework aims to raise public knowledge of the rules and requirements for handling personal data, privacy, and consent in the digital sphere.

So, when a data brea They must also secure the data to respect the rights of data owners and to avoid potentially hefty fines by the regulator of up to 20 million euros or 4% of annual global turnover (whichever is higher).

Facts and figures

  1. The GDPR under blockchain is a far-reaching technology. It has the potential to revolutionize the way in which many industries handle personal information.
  2. May 25th witnessed one of the most significant privacy and online regulation shakeups since the 1980s.
  3. The GDPR has a broad scope, allowing data subjects to request access to their personal information if it has fallen into the wrong hands. Organizations that fail to respond to these requests promptly may face regulatory action.
  4. Level 1 – Minimum Penalty: At this level, a company will be penalized up to €10 million or 2% of its annual turnover for non-compliance with GDPR.
  5. Level 2 – Maximum Penalty: At this level, a company will be penalized up to €20 million or 4% of its annual turnover for non-compliance with GDPR.

Data contraventions in digits

  1. A collection of seven consumer organizations have accused Google of breaking the European Data Protection Law (GDPR).
  2. $280 billion: the communication cost of all the business cyberattacks that occurred in the EU in 2016 alone.
  3. More than 200,000 inquiries led to a total of €56 million in GDPR fines.
  4. Enforcement notices served under the 1998 and 2018 Data Protection Acts for sustained failures to comply with individuals’ rights.
  5. Organizations found responsible for sending 3,560,211 direct marketing messages to subscribers without consent.

Major fines across Europe (General data protection regulation)

  1. ICO intends to fine British Airways £183.39m under GDPR for a data breach in July 2019.
  2. Information Commissioner’s Office (ICO) intends to fine Marriott International, Inc more than £99 million under GDPR for the data breach in July 2019.
  3. Sweden fined Google $8 million for right-to-be-forgotten violations and demands it keep websites in the dark in March 2020.
  4. The French data protection authority imposed a fine of £44m on Google for lack of transparency, inadequate information, and not obtaining consent on personalization.
  5. Deutsche Wohnen was fined 14.5 million euros in November 2019.
  6. Facebook agreed in October 2019 to pay a fine over the Cambridge Analytica scandal. The company withdrew its appeal against the £500,000 penalty imposed by the UK data watchdog.
  7. The Information Commissioner’s Office (ICO) has fined London-based Tax Returned Limited £200,000 for sending millions of unwanted marketing text messages.
  8. Life at Parliament View Ltd was fined £80,000 for leaving 18,610 customers’ personal data exposed for almost two years.
  9. EE Limited was fined £100,000 for sending over 2.5 million direct marketing messages to its customers without consent.