Many businesses felt the impacts of the General Data Protection Regulation when it came into effect last May; mailing lists were slashed and marketing practices changed. If you did everything right, there shouldn’t be any problems, but if you haven’t yet taken the necessary precautions, now is the time to start. There can be dire, business-ruining consequences if you get caught out – as some of the world’s biggest companies have been finding out.
Google’s €50 million GDPR error
Even the most powerful digital company, Google, has been held accountable under GDPR, being fined €50 million in January by the French data regulator CNIL. The company received complaints in May 2018 about a lack of transparency when obtaining consents, as well as having the option to receive personalised ads pre-ticked, which does not comply with GDPR.
Facebook fined £0.5 million
In October 2018, Facebook were given a £500,000 fine for their role in the Cambridge Analytica scandal, in which the information from 87 million users was shared without the necessary permissions with the political consultancy Cambridge Analytica. The scandal shocked many people all over the world by showing how much raw information the giants of the internet have access to.
The £500,000 fine was the maximum penalty that could be given at the time because the data breaches occurred before GDPR came into effect, but a spokesperson for the Information Commissioner’s Office said: “The fine would have been considerably higher under the GDPR.”
Bounty Pregnancy Club
In April, Bounty Pregnancy Club was fined £400,000 for sharing 34.3 million records from June 2017 to April 2018 with 39 organisations. The Information Commissioner’s Office (ICO) said that Bounty had not been “open and transparent” with its users about how their data would be used.
Bounty Pregnancy Club offer vouchers, guides, new parent packs and free samples to support families in their transition to parenthood. However, few of Bounty’s users knew that the company was also a data broker, supplying the gathered personal information to other companies for use in marketing without acquiring the necessary consents – a big no-no under GDPR.
Fines under GDPR
Companies that break the data regulations imposed by GDPR can now be fined up to €20 million or 4% of their global turnover, whichever is higher. You can find out more information on the cost of getting GDPR wrong here.
So, what requirements do you need to abide by to stay in line with the GDPR?
GDPR is concerned with protecting people’s private and personal data. This includes their home address, their personal email address, their personal contact numbers, their gender and anything else that might be used to identify an individual, such as their religion.
The GDPR rules require specific consents and documentation of consents from both clients and prospects to ensure that databases are compliant. You can read full details on how to make your database GDPR compliant here.
Getting GDPR wrong can be extremely costly. It’s therefore incredibly important to make sure that any databases you keep have the necessary documented consents and are stored safely and securely.