One year after May 25, 2018, you could almost think that GDPR was no big deal.
Although more than 200.000 investigations were conducted, most of the time authorities issued only warnings, with only one notable fine: EUR 50 million for Google, from CNIL (France's data protection authority).
But huge tech companies getting investigated and fined is no longer news. After all, they process personal data for millions or billions of people and are more prone to receive complaints and fines.
However, especially during the past few months, things started to change, with data protection authorities around Europe determined to clarify that GDPR applies to every company or organization.
Size, country or industry don’t matter
CNIL (France’s data protection authority) has fined a real estate company EUR 400.000 and a small translations office EUR 20.000.
In Norway, the Municipality of Bergen has been fined EUR 170.000 for storing login credentials for 35.000 students and employees in a public area.
ICO (UK's independent body set up to uphold information rights) has already announced its intention to fine two big companies, British Airways and Marriott International, for GDPR violations. It also fined a London estate agency £80.000 for leaving the personal data of 18.000 customers exposed for almost two years.
And this month, in Romania, one of the last EU countries without any GDPR fine, a bank received a EUR 130.000 sanction for “failure to implement appropriate technical and organisational measures”. This was followed just a few days later by a EUR 15.000 fine for a hotel and a EUR 3.000 fine for a small legal organisation.
What’s coming next?
Looking at the past few months, it seems clear that the “grace period” is ending and warnings are gradually being replaced by fines.
We expect an increase in the number of investigations and sanctions, as businesses work to better manage their privacy-related risks and make GDPR compliance part of their business routine.
About Sypher Suite
Sypher Suite is a software platform designed to simplify compliance work and help your team analyse, document and maintain GDPR compliance.
It uses custom logic and specific flows to break your project into smaller, more manageable tasks and to make sure that everything that needs to be done is on your radar.
It’s also very practical, with regular updates, based on customer feedback about real problems encountered by companies implementing GDPR.