October 29, 2018

GDPR: Winter is coming (and enforcement is too)

+ Follow Contact

Send

Embed

Bond Schoeneck & King PLLC

After its implementation in May 2018, the European Union General Data Protection Regulation (GDPR) continues to dominate headlines in many industries, including technology. On September 25, 2018, Facebook discovered a security breach that exposed the personal information of approximately 50 million users. Facebook disclosed this breach within the 72-hour window required for disclosure under the GDPR. Despite the timeliness of the notification, the Irish Data Protection Commission indicated that Facebook could still face enormous fines for its inability to clarify the nature of the breach and risk to users at the time of notification.

If a company violates data subject rights or fails to comply with required procedures under the GDPR, it can be fined up to four percent of its annual global turnover (revenue). Last year, Facebook reported more than $40 billion in global revenue. Therefore, Facebook’s potential fine could exceed $1.6 billion.

In a recent interview, the European Union’s data protection supervisor, Giovanni Buttarelli, stated that the first GDPR enforcement actions are scheduled to begin in November—six months after the GDPR came into effect. In July 2018, the U.K’s Information Commissioner’s Office commenced its first formal enforcement action against a Canadian data analytics firm, AggregateIQ Data Services. Formal complaints against Facebook, Google and other large data-dependent technology companies have occurred since the effective date of the GDPR, resulting in ongoing investigations. Enforcement actions should help other impacted entities interpret the GDPR with greater precision. We will continue to monitor these developments as they unfold.

What does this mean for your business?

If your entity maintains an online presence it may be subject to the GDPR. For example, if your website collects any information about its users, whether through forms people submit on the website or through third party collections, such as Google Analytics, the GDPR likely impacts the way your entity collects, stores and processes data.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

Written by:

Bond Schoeneck & King PLLC

Contact + Follow

Amber Lawyer

+ Follow

Fred Price

+ Follow

Sara Temes

+ Follow

less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

Increased visibility
Actionable analytics
Ongoing guidance

Learn More

Published In:

Cybersecurity

+ Follow

Data Breach

+ Follow

Data Privacy

+ Follow

Data Protection

+ Follow

EU Data Protection Laws

+ Follow

Facebook

+ Follow

General Data Protection Regulation (GDPR)

+ Follow

Personal Data

+ Follow

Personally Identifiable Information

+ Follow

Popular

+ Follow

Communications & Media

+ Follow

Consumer Protection

+ Follow

International Trade

+ Follow

Privacy

+ Follow

Science, Computers & Technology

+ Follow

less

Bond Schoeneck & King PLLC on:

GDPR: Winter is coming (and enforcement is too)

Latest Posts

Written by:

PUBLISH YOUR CONTENT ON JD SUPRA NOW

Published In:

Bond Schoeneck & King PLLC on:

"My best business intelligence, in one easy email…"