Facebook is under pressure as a result of a €1.2-million fine by the Spanish Data Protection Authority for not adequately collecting the consent of its user and non-users. This infringement of data privacy is the second in a matter of months, following a €150 000 fine from the French privacy regulators for a violation along similar lines.
It’s going to cost Facebook a fair bit of cash in addition to the millions they’re already spending on compliance to right their data privacy wrongs and become compliant with Europe’s fast-approaching General Data Protection Regulation (GDPR). These fines are based on current laws and will take place before the EU’s GDPR comes into play in May 2018, when fines can reach up to 4 percent of turnover or €20 million for violating data subjects’ rights.
Smaller businesses are frequently asking whether they’ll be affected by the new regulation and the answer is a resounding YES. No matter how big or small a company is, if it collects or processes personal information belonging to EU residents, it’ll need to comply with the law.
The UK’s Information Commissioner’s Office (ICO), which upholds information rights in the public interest, has said it’ll be rational and proportionate when it comes to implementing the law and that fines will be a last resort.
Even if that’s true, warnings and reprimands can be equally damaging to a business – if people don’t feel their personal information is secure and processed fairly, or if their data is being used without their consent, then they’re simply going to take their business elsewhere.
Businesses in the UK are only just beginning to realise the importance of data protection and the impact of compliance with the GDPR. Hopefully they’ll also realise the regulation need not be a burden. It can be an opportunity to strengthen trust in their brand by demonstrating themselves as good custodians of their customers’ personal data.
Solutions like GDPR365 can take some of the complexity out of developing and implanting a GDPR plan, so a company can focus on its data security and data management practices. With only a little more than six months to go, it’s time to get started.