Articles - Privacy - February 6, 2020

Guess what? GDPR enforcement is on fire!

admin February 6, 2020

0 570 3 min read

You read that right: GDPR enforcement is on fire! While fines are not always particularly high, our analysis shows that, in terms of volume, data protection authorities (DPAs) are rapidly increasing their GDPR enforcement activities. Some interesting trends are also emerging:

DPAs have levied 190 fines and penalties to date. With 43 enforcement decisions made so far, Spain leads the pack as Europe’s most active regulator, followed by Romania (21) and Germany (18). The UK has imposed the highest total amount of fines — more than €315 million — if both British Airways’ and Marriott’s fines are upheld after appeal. Following are France’s Commission Nationale de l’Informatique et des Libertés, with just over €51 million in fines, and Germany’s DPA, at nearly €25 million.
Failures of data governance — not security — trigger the most fines and penalties. DPAs have primarily acted against the infringement of Article 5 (principles of processing of personal data) and Article 6 (lawfulness of processing). These rules contain key data governance principles, such as data accuracy and quality, and fairness of processing, when firms collect and process the minimum amount of data necessary for a specific, clearly defined purpose. Firms struggle greatly to meet the requirements around consent and other available legal bases.
Breaches get the enforcement ball rolling but are just a starting point. Many security and risk (S&R) and privacy pros expected security infringements and missed breach notifications to be the main triggers of GDPR enforcement. DPAs have undertaken about 50 actions for infringement of article 32 (security requirements) and a few more related to failure to report breaches. These cases show that an actual security incident is just the starting point for determining fines. Investigations that followed some of the biggest breaches of the post-GDPR era focused not only on the specific conditions of the breach but also highlighted “poor security arrangements.” Adequate authentication procedures — or the lack thereof — have been DPAs’ focus since the first enforcement action in 2018.
Compromised data…

Read The Full Article

Leave a Reply Cancel reply

DON'T MISS

Leading with a security-first mentality

Danish DPA set to fine furniture company

Why Few Marketers Are Invited To Join Boards Of Directors

How to Completely DELETE Your Facebook Account in 2020

How Much Data Do We Create Every Day? The Mind-Blowing Stats Everyone Should Read

Blazon Online

Latest News

Email Subscription

We are Blazon.Online a strategic partnership between RMA and 2410365 Ontario, Inc located at 37 Hwy 8, Dundas, Ontario L9H 4V1. We send a weekly update and the occasional email regarding response marketing. You can reach us at dl@blazon.online or 416 524 7844. You can unsubscribe at any time.

Industry Leaders Reflect on 2018, Offer Predictions for 2019

Average Cost of Cyberattack Now Exceeds $1 Million

5 Things for a Marketer to Consider for 2019!

30 Must Read Articles On Brand Management

Your Customers May Be the Weakest Link in Your Data Privacy Defenses