Recent updates in GDPR enforcement
Since the GDPR entered into force on 25 May 2018, quite a few global companies have faced fines for various breaches of the regulation. The GDPR established a new set of rules designed to give EU citizens more control over their personal data and to set higher standards for the processing of personal data. Consequently, failure to comply with the GDPR can result in significant fines – up to 4% of the firm’s worldwide annual revenue from the preceding financial year.
Who is on the radar?
When it comes to GDPR enforcement within the EU, the practice of the competent regulatory authorities has so far shown that the airline and hotel industries are facing the highest fines for data breaches.
Namely, British Airways is exposed to a sanction of £183.39 million due to a cyber incident in September 2018 which resulted in the personal data of 500,000 people being compromised. Apparently, the issue was related to the security measures for personal data: the regulatory body found that the airline had poor security arrangements for the protection of data.
Appropriate security measures were also the issue in a case related to another cyber-attack, in which the personal data of 339 million Marriott hotel guests were exposed globally. For this infringement, consisting of a failure to undertake adequate protective measures as the GDPR requires, Marriott is currently facing a fine of £99,200,396.
Meanwhile in the neighborhood…
In June 2019, the Romanian regulatory body issued its first fine under the GDPR. Namely, after an investigation, the National Supervisory Authority found that UniCredit Bank had failed to implement adequate technical and organizational data protection measures and that, as a result, the personal data of 337,000 customers were made publicly accessible. The bank was sanctioned with a fine of EUR 130,000.
Another GDPR fine, amounting to EUR 150,000, was imposed on PricewaterhouseCoopers (PwC) in Greece. As per the decision dated 30 July 2019, the Hellenic data protection authority found that PwC had violated the principle of lawful, fair and transparent processing of its employees' personal data with regard to the requirement of employee consent for the processing of personal data. In that decision, the authority stated that the consent of a data subject (employee) in the context of employment relations cannot be regarded as freely given due to the clear imbalance between the parties. The conclusion was that PwC should have used the performance of a contract or compliance with a legal obligation as the legal basis for processing, rather than the employee’s consent.
Bearing in mind all of the above, the current practice of EU regulatory bodies shows that the competent authorities are duly pursuing the implementation and enforcement of the GDPR. That said, if you haven’t already started your journey to GDPR compliance, we suggest you begin as soon as possible.
This text is for informational purposes only and should not be considered legal advice. Should you require any additional information, feel free to contact us.
Miloš Velimirović, Partner
+381 63 555 156
Kristina Pavlović, Associate
+381 69 3282 817