Everyone desires something extra, whether it is knowledge, advantage, service or anything else. Similarly, this article provides you with compliance updates, additional knowledge about fines and extra tips to get compliant.
Fines become a reality when organisations fail to protect the data of their customers. A customer's confidential data has great importance: when it is left unprotected, targeting, blackmail and many other sorts of crime increase.
Whether an organisation has significant influence over society or is just a small-scale company, the General Data Protection Regulation (GDPR) is for everyone, because these companies hold vital data about their clients, and when data privacy precautions are not taken, a company always ends up losing that information.
That is why fines and penalties are imposed to abate cyber attacks.
Three huge enterprises have been fined and have made history. British Airways, Marriott Hotels and Facebook received the most significant fines of all time and are still the subject of many controversies.
Let’s have a quick recall.
The Information Commissioner's Office (ICO) fined British Airways over last year's hack of its security systems and the resulting data breach. According to BA sources, it was a sophisticated, malicious criminal attack.
According to the ICO, the penalty handed to British Airways broke all previous records. The ICO said users of the British Airways website were diverted to a fraudulent website.
From that fraudulent site, the attackers harvested the details of 500,000 customers. The compromised information included login, payment card and travel booking details, as well as name and address information.
After all the chaos, BA co-operated very well with the Commissioner's Office and its investigation. It also acted quickly to improve its security arrangements.
You have probably noticed that data breaches keep hitting large organisations, and the Marriott cyberattack now belongs on the same list.
The personal data of more than 500m people, including credit card details, passport numbers and dates of birth, has been hacked. Many regard this incident as a "colossal" hack of Marriott International.
The company's primary sources said that they became aware of the breach early in September. The information obtained by the hackers contained names, mailing addresses, phone numbers, email addresses and passport numbers.
Marriott's data breach generated plenty of headlines and sensational stories, but no one knew who was behind it. According to the investigations, however, it was a Chinese intelligence-gathering effort that hacked many more types of data, including health and security clearance data of Americans.
News reports say the hackers acted on the instructions of the Ministry of State Security and the civilian spy agency.
This discovery came as the Trump administration was planning to target China's trade, cyber and economic policies within days.
According to four government officials, they are planning to impose a fine on, and require an investigation into, those Chinese hackers working for the intelligence services.
As a result, the Trump administration decided to derestrict the reports to blunt the effect should the hackers reveal the identities of US government officials.
Facebook is set to face a $5bn fine following an investigation into the Cambridge Analytica data-stealing scandal.
The Federal Trade Commission (FTC) began investigating Facebook back in March 2018, after a whistleblower revealed the scandal. Users taking a personality quiz via an app on the site had their data collected by Facebook.
The company also recorded the public data of their friends. Around 87 million users were affected, despite only 305,000 users installing the quiz app.
This data was then sold to Cambridge Analytica, which used it to profile US voters psychologically. It then targeted users with material to help Donald Trump's 2016 presidential campaign.
Facebook was fined £500,000 by the UK data protection watchdog back in October.
Ongoing investigations and Penalties all around the world
The GDPR was implemented in 2018; however, 2019 is the year of GDPR enforcement. Data Protection Authorities (DPAs) in Germany have started their audits, and France's DPA, the CNIL, issued a fine earlier this year. Due to its enforcement and influence, many companies have launched their new legislation, ranging from a penalty to imprisonment.
Ongoing fines are meant to make companies realise the value of protecting their clients' data. Under the GDPR, a single violation will make you pay $1,000,000. In some countries, being non-compliant is itself an offence, whether or not a data breach incident has occurred.
Recently, a comparison of GDPR compliance across 24 countries around the world, from Germany to Japan to Israel, was started. It found that 65% of these countries either improved their data protection laws or issued new compliance rules after the GDPR was announced in 2016.
There are reasons why countries have increased fines under their data protection regulations. First, organisations want to gain an adequacy agreement with the EU under the GDPR, for the free flow of data between them. Secondly, penalties reflect how persuasive a country's supervisory authority is in terms of data protection laws.
Previous controversial Fines
The news is, some countries do not stop at corporate fines. The GDPR allows EU Member State derogations for penalties. Many countries, like Germany, France, Japan, the Philippines, Mexico, and Indonesia, issue sanctions to individuals who are responsible for a data compromise.
Germany started to lead GDPR enforcement and began its audits back in July. It issued a plethora of penalties last summer. Knuddels, a German social media platform, received the first fine.
In July of 2018, intruders carried out a cyber-attack that compromised the personal information of more than 330,000 Knuddels users, including 808,000 email addresses and passwords.
In November, however, the LfDI fined this small-scale company €20,000. It was a shock for many because the fine could have gone up to around €10 million or 2% of the company's annual revenue.
On April 1, 2019, Poland's DPA, the UODO, fined a digital marketing agency €220,000 for non-compliance with the GDPR's data subject rights requirements.
We have all heard Google's cautionary tale. In January of 2019, the French DPA, the CNIL, fined the tech giant €50 million for violating the requirements of the data protection regulations. Notably, it received the fine not in response to a data breach but because of data subject complaints.
Recent research by DLA Piper brought out some interesting statistics regarding data breaches and fines following GDPR implementation. Its report, published in February 2019, found that only 91 fines had been issued under the GDPR and 59,000 personal data breaches reported. The regulators' main focus is high-profile and severe violations, leaving many companies waiting to see what may happen with their cases.
In Japan, the person involved in a data breach will face imprisonment of a year.
In the Philippines, the culprit will face a prison sentence ranging from 1 to 7 years.
In Switzerland, anyone who fails to convey accurate information to the Federal Data Protection and Information Commissioner will receive a personal fine.
Countries are now ready for GDPR compliance.
India decided long ago to follow the EU GDPR. In 2017, the Indian Government appointed Justice BN Srikrishna, a former judge of the Supreme Court of India, to lead the committee of experts creating the legal framework for data protection and data privacy in India.
The agenda of the committee was, “to make specific suggestions for consideration of the Central Government on principles consideration for data protection in India and suggest a draft data protection bill.”
On August 14, 2018, Brazil approved the General Data Protection Law (LGPD). However, the law will come into effect after its 18-month adaptation period, in early 2020. The LGPD has introduced a new legal framework for the use of personal data in Brazil.
The framework applies both online and offline, in the private and public sectors. Notably, Brazil has more than 40 legal norms at the federal level that directly and indirectly deal with the protection of privacy and personal data in a sector-based system.
On Wednesday, January 16, 2019, the National Directorate for the Registration of Public Data (DINARDAP), an Ecuadorian public entity attached to the Ministry of Telecommunications, presented the first law of personal data protection of Ecuador to the public. This productive approach indicates that the Government is stepping forward to make the regulatory changes in terms of data privacy transparent and inclusive for all.
Your vision our mission – Enjoy the privilege.
When it comes to protecting your data, you’re in safe hands. Seers is at the forefront of cybersecurity and data protection. We privacy management tools and launched eight privacy products and have 1,500 users. We’re proud to say that we’ve helped many organisations successfully.
We're the UK's leading provider of cyber risk and privacy management solutions and have built a strong global presence with our deep technical expertise and proven track record.