Recent updates in GDPR enforcement
Since 25 May 2018, when the GDPR entered into force, quite a few global companies have faced fines for various breaches of the regulation. The GDPR established a new set of rules designed to give EU citizens more control over their personal data and to set higher standards for the processing of personal data. Consequently, failure to comply with the GDPR can result in significant fines – up to 4% of the firm’s worldwide annual revenue from the preceding financial year.
Who is on the radar?
When it comes to GDPR enforcement within the EU, the practice of the competent regulatory authorities has so far shown that the airline and hotel industries are facing the highest fines for data breaches.
British Airways is exposed to a sanction of £183.39 million due to a cyber incident in September 2018 that resulted in the personal data of 500,000 people being compromised. The issue apparently related to the security measures protecting personal data: the regulatory body found that the airline had poor security arrangements for the protection of data.
Appropriate security measures were also the issue in a case related to another cyber-attack, in which the personal data of 339 million Marriott hotel guests were exposed globally. For this infringement, a failure to take the adequate protective measures the GDPR requires, Marriott is currently facing a fine of £99,200,396.
Meanwhile in the neighborhood…
In June 2019, the Romanian regulatory body issued its first fine under the GDPR. After an investigation, the National Supervisory Authority found that UniCredit Bank had failed to implement adequate technical and organizational data protection measures and that, as a consequence, the personal data of 337,000 customers were made publicly accessible. As a result, the bank was sanctioned with a fine of EUR 130,000.
Another GDPR fine, amounting to EUR 150,000, was imposed on PricewaterhouseCoopers (PwC) in Greece. In its decision dated 30 July 2019, the Hellenic data protection authority found that PwC had violated the principle of lawful, fair and transparent processing of employees' personal data with regard to the requirement of employee consent for the processing of personal data. In that decision, the authority stated that the consent of the data subject (the employee) in the context of employment relations cannot be regarded as freely given, due to the clear imbalance between the parties. The conclusion was that PwC should have relied on the performance of a contract or compliance with a legal obligation as the basis for processing, rather than on the employee’s consent.
Bearing all of the above in mind, the current practice of EU regulatory bodies shows that the competent authorities are taking the implementation and enforcement of the GDPR seriously. That said, if you haven’t already started your journey to GDPR compliance, we suggest you begin as soon as possible.
This text is for informational purposes only and should not be considered legal advice. Should you require any additional information, feel free to contact us.
Miloš Velimirović, Partner
+381 63 555 156
Kristina Pavlović, Associate
+381 69 3282 817