It’s Data Privacy Day, an international effort held annually on January 28th to create awareness about the importance of respecting privacy, safeguarding data and enabling trust. However, it seems there are some organisations out there who still need to embrace these principles…
Following their record fine of $5 billion imposed by the EU last year for Android antitrust issues, Google have kicked off 2019 with yet another penalty. Last week it was announced that France’s data protection authority, CNIL, are fining the tech giant $57 million (€50 million) under the GDPR – the first GDPR fine for a US headquartered organisation, and the largest GDPR fine to date since its inception in May 2018.
This fine was triggered by complaints surrounding the way Google were handling data of French citizens, with a lack of transparency around adverts and data use, with CNIL stating the fine was “justified by the severity of the infringements observed regarding the essential principles” of GDPR.
There is somewhat of an irony here, that most people looking into this story all over the world are likely to have used the popular search engine to source news coverage on the fine – with Google amassing yet more user data. But should they not improve on their practices of data protection, this could land them in more troubled water. As we are all well aware, the maximum fine that can be levied under the GDPR is either €20 million, or 4% of global turnover, whichever is larger. For the likes of Google which had a revenue of $229 billion in 2017 (equating to a maximum GDPR fine over $9 billion), this latest fine is a mere drop in the ocean.
And soon it won’t just be GDPR that the likes of Google, Apple, Amazon and Facebook have to contend with. As of the 1st January, 2020, the California Consumer Privacy Act (CCPA) will become effective, which will effect the way organisations deal with, and protect, the data of Californian citizens in a similar manner to GDPR.
Although the topic of data protection and data privacy may seem to be ceaseless in recent times, it is clear that it is still of top priority and top importance for organisations, and indeed nations. Judging by the number of infringements being declared, it is clearly a topic that some seem to be taking more seriously than others. All organisations have to comply with the rules of their industry bodies and the nation states they operate in. By not taking these regulations seriously, not only are businesses opening themselves up to potentially crippling fines, but are also risking the reputation of their organisation, which in itself can be fatal not just for the business but for their employees – just look at Target and BP for example.
Now really is the time to be taking stock of the data in your possession. Asking questions such as what data are you holding, who has access to it, and how is it organised, stored, used and deleted across its lifecycle? Knowing the answers to these questions goes a long way when faced with regulatory scrutiny, and could help to keep you out of the spotlight that Google seem to have found themselves in.
Here at Boldon James, we can help you find the answer to those questions. Contact us now to get started on your data protection and compliance journey.